/// <summary>
/// Encrypt the payload using the symmetric key according to params, and return
/// an EncryptedContent.
/// </summary>
///
/// <param name="payload">The data to encrypt.</param>
/// <param name="key">The key value.</param>
/// <param name="keyName">The key name for the EncryptedContent key locator.</param>
/// <param name="params">The parameters for encryption.</param>
/// <returns>A new EncryptedContent.</returns>
private static EncryptedContent encryptSymmetric(Blob payload, Blob key,
Name keyName, EncryptParams paras)
{
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
Blob initialVector = paras.getInitialVector();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(keyName);
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc ||
algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb)
{
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc)
{
if (initialVector.size() != net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE)
{
throw new Exception("incorrect initial vector size");
}
}
Blob encryptedPayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(key, payload, paras);
EncryptedContent result = new EncryptedContent();
result.setAlgorithmType(algorithmType);
result.setKeyLocator(keyLocator);
result.setPayload(encryptedPayload);
result.setInitialVector(initialVector);
return(result);
}
else
{
throw new Exception("Unsupported encryption method");
}
}
/// <summary>
/// Encrypt the payload using the asymmetric key according to params, and
/// return an EncryptedContent.
/// </summary>
///
/// <param name="payload"></param>
/// <param name="key">The key value.</param>
/// <param name="keyName">The key name for the EncryptedContent key locator.</param>
/// <param name="params">The parameters for encryption.</param>
/// <returns>A new EncryptedContent.</returns>
private static EncryptedContent encryptAsymmetric(Blob payload, Blob key,
Name keyName, EncryptParams paras)
{
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(keyName);
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs ||
algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
{
Blob encryptedPayload = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(key, payload, paras);
EncryptedContent result = new EncryptedContent();
result.setAlgorithmType(algorithmType);
result.setKeyLocator(keyLocator);
result.setPayload(encryptedPayload);
return(result);
}
else
{
throw new Exception("Unsupported encryption method");
}
}
/// <summary>
/// Create an EncryptedContent where all the values are unspecified.
/// </summary>
///
public EncryptedContent()
{
this.algorithmType_ = net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.NONE;
this.keyLocator_ = new KeyLocator();
this.initialVector_ = new Blob();
this.payload_ = new Blob();
}
/// <summary>
/// Create an EncryptParams with the given parameters.
/// </summary>
///
/// <param name="algorithmType">The algorithm type, or null if not specified.</param>
/// <param name="initialVectorLength"></param>
public EncryptParams(EncryptAlgorithmType algorithmType,
int initialVectorLength)
{
algorithmType_ = algorithmType;
if (initialVectorLength > 0) {
ByteBuffer initialVector = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(initialVectorLength);
net.named_data.jndn.util.Common.getRandom().nextBytes(initialVector.array());
initialVector_ = new Blob(initialVector, false);
} else
initialVector_ = new Blob();
}
/// <summary>
/// Create an EncryptParams with the given parameters.
/// </summary>
///
/// <param name="algorithmType">The algorithm type, or null if not specified.</param>
/// <param name="initialVectorLength"></param>
public EncryptParams(EncryptAlgorithmType algorithmType,
int initialVectorLength)
{
algorithmType_ = algorithmType;
if (initialVectorLength > 0)
{
ByteBuffer initialVector = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(initialVectorLength);
net.named_data.jndn.util.Common.getRandom().nextBytes(initialVector.array());
initialVector_ = new Blob(initialVector, false);
}
else
{
initialVector_ = new Blob();
}
}
/// <summary>
/// Encrypt the plainData using the keyBits according the encrypt algorithm type.
/// </summary>
///
/// <param name="plainData">The data to encrypt.</param>
/// <param name="algorithmType"></param>
/// <returns>The encrypted data.</returns>
public Blob encrypt(byte[] plainData, EncryptAlgorithmType algorithmType)
{
System.SecurityPublicKey publicKey = keyFactory_
.generatePublic(new X509EncodedKeySpec(keyDer_
.getImmutableArray()));
String transformation;
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs)
{
if (keyType_ != net.named_data.jndn.security.KeyType.RSA)
{
throw new Exception("The key type must be RSA");
}
transformation = "RSA/ECB/PKCS1Padding";
}
else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
{
if (keyType_ != net.named_data.jndn.security.KeyType.RSA)
{
throw new Exception("The key type must be RSA");
}
transformation = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
}
else
{
throw new Exception("unsupported padding scheme");
}
Cipher cipher = javax.crypto.Cipher.getInstance(transformation);
cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, publicKey);
return(new Blob(cipher.doFinal(plainData), false));
}
/// <summary>
/// Decrypt the cipherText using this private key according the encryption
/// algorithmType. Only RSA encryption is supported for now.
/// </summary>
///
/// <param name="cipherText">The cipher text byte buffer.</param>
/// <param name="algorithmType">This decrypts according to algorithmType.</param>
/// <returns>The decrypted data.</returns>
/// <exception cref="TpmPrivateKey.Error">if the private key is not loaded, ifdecryption is not supported for this key type, or for error decrypting.</exception>
public Blob decrypt(ByteBuffer cipherText,
EncryptAlgorithmType algorithmType)
{
if (keyType_ == null)
{
throw new TpmPrivateKey.Error(
"decrypt: The private key is not loaded");
}
String transformation;
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs)
{
transformation = "RSA/ECB/PKCS1Padding";
}
else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
{
transformation = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
}
else
{
throw new TpmPrivateKey.Error("unsupported padding scheme");
}
try {
Cipher cipher = javax.crypto.Cipher.getInstance(transformation);
cipher.init(javax.crypto.Cipher.DECRYPT_MODE, privateKey_);
// Use Blob to get the byte array.
byte[] cipherByteArray = new Blob(cipherText, false)
.getImmutableArray();
return(new Blob(cipher.doFinal(cipherByteArray), false));
} catch (Exception ex) {
throw new TpmPrivateKey.Error("Error decrypting with private key: "
+ ex.Message);
}
}
/// <summary>
/// Set the algorithm type.
/// </summary>
///
/// <param name="algorithmType">The algorithm type. If not specified, set to null.</param>
/// <returns>This EncryptParams so that you can chain calls to update values.</returns>
public EncryptParams setAlgorithmType(
EncryptAlgorithmType algorithmType)
{
algorithmType_ = algorithmType;
return(this);
}
/// <summary>
/// Create an EncryptParams with the given algorithmType and an unspecified
/// initial vector.
/// </summary>
///
/// <param name="algorithmType">The algorithm type, or null if not specified.</param>
public EncryptParams(EncryptAlgorithmType algorithmType)
{
algorithmType_ = algorithmType;
initialVector_ = new Blob();
}
/// <summary>
/// Create an EncryptParams with the given algorithmType and an unspecified
/// initial vector.
/// </summary>
///
/// <param name="algorithmType">The algorithm type, or null if not specified.</param>
public EncryptParams(EncryptAlgorithmType algorithmType)
{
algorithmType_ = algorithmType;
initialVector_ = new Blob();
}
/// <summary>
/// Set the algorithm type.
/// </summary>
///
/// <param name="algorithmType">The algorithm type. If not specified, set to null.</param>
/// <returns>This EncryptParams so that you can chain calls to update values.</returns>
public EncryptParams setAlgorithmType(
EncryptAlgorithmType algorithmType)
{
algorithmType_ = algorithmType;
return this;
}
/// <summary>
/// Prepare an encrypted data packet by encrypting the payload using the key
/// according to the params. In addition, this prepares the encoded
/// EncryptedContent with the encryption result using keyName and params. The
/// encoding is set as the content of the data packet. If params defines an
/// asymmetric encryption algorithm and the payload is larger than the maximum
/// plaintext size, this encrypts the payload with a symmetric key that is
/// asymmetrically encrypted and provided as a nonce in the content of the data
/// packet. The packet's /{dataName}/ is updated to be
/// /{dataName}/FOR/{keyName}
/// </summary>
///
/// <param name="data">The data packet which is updated.</param>
/// <param name="payload">The payload to encrypt.</param>
/// <param name="keyName">The key name for the EncryptedContent.</param>
/// <param name="key">The encryption key value.</param>
/// <param name="params">The parameters for encryption.</param>
public static void encryptData(Data data, Blob payload, Name keyName,
Blob key, EncryptParams paras)
{
Name dataName = data.getName();
dataName.append(NAME_COMPONENT_FOR).append(keyName);
data.setName(dataName);
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc ||
algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb)
{
EncryptedContent content = encryptSymmetric(payload, key, keyName,
paras);
data.setContent(content.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get()));
}
else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs ||
algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
{
// Java doesn't have a direct way to get the maximum plain text size, so
// try to encrypt the payload first and catch the error if it is too big.
try {
EncryptedContent content_0 = encryptAsymmetric(payload, key,
keyName, paras);
data.setContent(content_0.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get()));
return;
} catch (IllegalBlockSizeException ex) {
// The payload is larger than the maximum plaintext size. Continue.
}
// 128-bit nonce.
ByteBuffer nonceKeyBuffer = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(16);
net.named_data.jndn.util.Common.getRandom().nextBytes(nonceKeyBuffer.array());
Blob nonceKey = new Blob(nonceKeyBuffer, false);
Name nonceKeyName = new Name(keyName);
nonceKeyName.append("nonce");
EncryptParams symmetricParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc, net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE);
EncryptedContent nonceContent = encryptSymmetric(payload, nonceKey,
nonceKeyName, symmetricParams);
EncryptedContent payloadContent = encryptAsymmetric(nonceKey, key,
keyName, paras);
Blob nonceContentEncoding = nonceContent.wireEncode();
Blob payloadContentEncoding = payloadContent.wireEncode();
ByteBuffer content_1 = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(nonceContentEncoding
.size() + payloadContentEncoding.size());
content_1.put(payloadContentEncoding.buf());
content_1.put(nonceContentEncoding.buf());
content_1.flip();
data.setContent(new Blob(content_1, false));
}
else
{
throw new Exception("Unsupported encryption method");
}
}
/// <summary>
/// Set the algorithm type.
/// </summary>
///
/// <param name="algorithmType">The algorithm type. If not specified, set to null.</param>
/// <returns>This EncryptedContent so that you can chain calls to update values.</returns>
public EncryptedContent setAlgorithmType(
EncryptAlgorithmType algorithmType)
{
algorithmType_ = algorithmType;
return(this);
}
getNumericType(this EncryptAlgorithmType algorithmType)
{
return((int)algorithmType);
}
/// <summary>
/// Encrypt the plainData using the keyBits according the encrypt algorithm type.
/// </summary>
///
/// <param name="plainData">The data to encrypt.</param>
/// <param name="algorithmType"></param>
/// <returns>The encrypted data.</returns>
public Blob encrypt(Blob plainData, EncryptAlgorithmType algorithmType)
{
return(encrypt(plainData.getImmutableArray(), algorithmType));
}
/// <summary>
/// Set the algorithm type.
/// </summary>
///
/// <param name="algorithmType"></param>
/// <returns>This EncryptedContent so that you can chain calls to update values.</returns>
public EncryptedContent setAlgorithmType(
EncryptAlgorithmType algorithmType)
{
algorithmType_ = algorithmType;
return this;
}
