/// <summary> /// Set this interest to use a copy of the given KeyLocator object. /// </summary> /// /// @note ou can also call getKeyLocator and change the key locator directly. /// <param name="keyLocator">KeyLocator with an unspecified type.</param> /// <returns>This Interest so that you can chain calls to update values.</returns> public Interest setKeyLocator(KeyLocator keyLocator) { keyLocator_.set((keyLocator == null) ? new KeyLocator() : new KeyLocator( keyLocator)); ++changeCount_; return(this); }
/// <summary> /// Create an EncryptedContent where all the values are unspecified. /// </summary> /// public EncryptedContent() { this.algorithmType_ = net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.NONE; this.keyLocator_ = new KeyLocator(); this.initialVector_ = new Blob(); this.payload_ = new Blob(); }
/// <summary> /// Create a new KeyLocator with a copy of the fields in keyLocator. /// </summary> /// /// <param name="keyLocator">The KeyLocator to copy.</param> public KeyLocator(KeyLocator keyLocator) { this.type_ = net.named_data.jndn.KeyLocatorType.NONE; this.keyData_ = new Blob(); this.keyName_ = new ChangeCounter(new Name()); this.changeCount_ = 0; type_ = keyLocator.type_; keyData_ = keyLocator.keyData_; keyName_.set(new Name(keyLocator.getKeyName())); }
/// <summary> /// Check if this key locator has the same values as the given key locator. /// </summary> /// /// <param name="other">The other key locator to check.</param> /// <returns>true if the key locators are equal, otherwise false.</returns> public bool equals(KeyLocator other) { if (type_ != other.type_) { return(false); } if (type_ == net.named_data.jndn.KeyLocatorType.KEYNAME) { if (!getKeyName().equals(other.getKeyName())) { return(false); } } else if (type_ == net.named_data.jndn.KeyLocatorType.KEY_LOCATOR_DIGEST) { if (!getKeyData().equals(other.getKeyData())) { return(false); } } return(true); }
public void setKeyLocator(KeyLocator keyLocator) { keyLocator_.set(((keyLocator == null) ? new KeyLocator() : new KeyLocator(keyLocator))); ++changeCount_; }
/// <summary> /// Set this interest to use a copy of the given KeyLocator object. /// </summary> /// /// @note You can also call getKeyLocator and change the key locator directly. /// <param name="keyLocator">KeyLocator with an unspecified type.</param> /// <returns>This Interest so that you can chain calls to update values.</returns> public Interest setKeyLocator(KeyLocator keyLocator) { keyLocator_.set((keyLocator == null) ? new KeyLocator() : new KeyLocator( keyLocator)); ++changeCount_; return this; }
/// <summary> /// Encrypt the payload using the symmetric key according to params, and return /// an EncryptedContent. /// </summary> /// /// <param name="payload">The data to encrypt.</param> /// <param name="key">The key value.</param> /// <param name="keyName">The key name for the EncryptedContent key locator.</param> /// <param name="params">The parameters for encryption.</param> /// <returns>A new EncryptedContent.</returns> private static EncryptedContent encryptSymmetric(Blob payload, Blob key, Name keyName, EncryptParams paras) { EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); Blob initialVector = paras.getInitialVector(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) { if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) { if (initialVector.size() != net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE) throw new Exception("incorrect initial vector size"); } Blob encryptedPayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(key, payload, paras); EncryptedContent result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); result.setInitialVector(initialVector); return result; } else throw new Exception("Unsupported encryption method"); }
/// <summary> /// Encrypt the payload using the asymmetric key according to params, and /// return an EncryptedContent. /// </summary> /// /// <param name="payload"></param> /// <param name="key">The key value.</param> /// <param name="keyName">The key name for the EncryptedContent key locator.</param> /// <param name="params">The parameters for encryption.</param> /// <returns>A new EncryptedContent.</returns> private static EncryptedContent encryptAsymmetric(Blob payload, Blob key, Name keyName, EncryptParams paras) { EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { Blob encryptedPayload = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(key, payload, paras); EncryptedContent result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); return result; } else throw new Exception("Unsupported encryption method"); }
/// <summary> /// Create an identity certificate for a public key supplied by the caller. /// </summary> /// /// <param name="certificatePrefix">The name of public key to be signed.</param> /// <param name="publicKey">The public key to be signed.</param> /// <param name="signerCertificateName">The name of signing certificate.</param> /// <param name="notBefore">The notBefore value in the validity field of the generated certificate.</param> /// <param name="notAfter">The notAfter vallue in validity field of the generated certificate.</param> /// <returns>The generated identity certificate.</returns> public IdentityCertificate createIdentityCertificate( Name certificatePrefix, PublicKey publicKey, Name signerCertificateName, double notBefore, double notAfter) { IdentityCertificate certificate = new IdentityCertificate(); Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix); Name certificateName = new Name(certificatePrefix); certificateName.append("ID-CERT").appendVersion( (long) net.named_data.jndn.util.Common.getNowMilliseconds()); certificate.setName(certificateName); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); certificate.setPublicKeyInfo(publicKey); certificate.addSubjectDescription(new CertificateSubjectDescription( "2.5.4.41", keyName.toUri())); try { certificate.encode(); } catch (DerEncodingException ex) { throw new SecurityException("DerDecodingException: " + ex); } catch (DerDecodingException ex_0) { throw new SecurityException("DerEncodingException: " + ex_0); } Sha256WithRsaSignature sha256Sig = new Sha256WithRsaSignature(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(signerCertificateName); sha256Sig.setKeyLocator(keyLocator); certificate.setSignature(sha256Sig); SignedBlob unsignedData = certificate.wireEncode(); IdentityCertificate signerCertificate; try { signerCertificate = getCertificate(signerCertificateName); } catch (DerDecodingException ex_1) { throw new SecurityException("DerDecodingException: " + ex_1); } Name signerkeyName = signerCertificate.getPublicKeyName(); Blob sigBits = privateKeyStorage_.sign(unsignedData.signedBuf(), signerkeyName); sha256Sig.setSignature(sigBits); return certificate; }
private static void decodeKeyLocator(int expectedType, KeyLocator keyLocator, TlvDecoder decoder, bool copy) { int endOffset = decoder.readNestedTlvsStart(expectedType); keyLocator.clear(); if (decoder.getOffset() == endOffset) // The KeyLocator is omitted, so leave the fields as none. return; if (decoder.peekType(net.named_data.jndn.encoding.tlv.Tlv.Name, endOffset)) { // KeyLocator is a Name. keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); decodeName(keyLocator.getKeyName(), new int[1], new int[1], decoder, copy); } else if (decoder.peekType(net.named_data.jndn.encoding.tlv.Tlv.KeyLocatorDigest, endOffset)) { // KeyLocator is a KeyLocatorDigest. keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEY_LOCATOR_DIGEST); keyLocator.setKeyData(new Blob(decoder .readBlobTlv(net.named_data.jndn.encoding.tlv.Tlv.KeyLocatorDigest), copy)); } else throw new EncodingException( "decodeKeyLocator: Unrecognized key locator type"); decoder.finishNestedTlvs(endOffset); }
private static void encodeKeyLocator(int type, KeyLocator keyLocator, TlvEncoder encoder) { int saveLength = encoder.getLength(); // Encode backwards. if (keyLocator.getType() != net.named_data.jndn.KeyLocatorType.NONE) { if (keyLocator.getType() == net.named_data.jndn.KeyLocatorType.KEYNAME) encodeName(keyLocator.getKeyName(), new int[1], new int[1], encoder); else if (keyLocator.getType() == net.named_data.jndn.KeyLocatorType.KEY_LOCATOR_DIGEST && keyLocator.getKeyData().size() > 0) encoder.writeBlobTlv(net.named_data.jndn.encoding.tlv.Tlv.KeyLocatorDigest, keyLocator .getKeyData().buf()); else throw new Exception("Unrecognized KeyLocatorType " + keyLocator.getType()); } encoder.writeTypeAndLength(type, encoder.getLength() - saveLength); }
public void testConstructor() { // Check default settings. EncryptedContent content = new EncryptedContent(); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.NONE, content.getAlgorithmType()); Assert.AssertEquals(true, content.getPayload().isNull()); Assert.AssertEquals(true, content.getInitialVector().isNull()); Assert.AssertEquals(net.named_data.jndn.KeyLocatorType.NONE, content.getKeyLocator().getType()); // Check an encrypted content with IV. KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.getKeyName().set("/test/key/locator"); EncryptedContent rsaOaepContent = new EncryptedContent(); rsaOaepContent.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) .setKeyLocator(keyLocator).setPayload(new Blob(message, false)) .setInitialVector(new Blob(iv, false)); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, rsaOaepContent.getAlgorithmType()); Assert.AssertTrue(rsaOaepContent.getPayload().equals(new Blob(message, false))); Assert.AssertTrue(rsaOaepContent.getInitialVector() .equals(new Blob(iv, false))); Assert.AssertTrue(rsaOaepContent.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(rsaOaepContent.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); // Encoding. Blob encryptedBlob = new Blob(encrypted, false); Blob encoded = rsaOaepContent.wireEncode(); Assert.AssertTrue(encryptedBlob.equals(encoded)); // Decoding. EncryptedContent rsaOaepContent2 = new EncryptedContent(); rsaOaepContent2.wireDecode(encryptedBlob); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, rsaOaepContent2.getAlgorithmType()); Assert.AssertTrue(rsaOaepContent2.getPayload() .equals(new Blob(message, false))); Assert.AssertTrue(rsaOaepContent2.getInitialVector().equals( new Blob(iv, false))); Assert.AssertTrue(rsaOaepContent2.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(rsaOaepContent2.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); // Check the no IV case. EncryptedContent rsaOaepContentNoIv = new EncryptedContent(); rsaOaepContentNoIv.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) .setKeyLocator(keyLocator).setPayload(new Blob(message, false)); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, rsaOaepContentNoIv.getAlgorithmType()); Assert.AssertTrue(rsaOaepContentNoIv.getPayload().equals( new Blob(message, false))); Assert.AssertTrue(rsaOaepContentNoIv.getInitialVector().isNull()); Assert.AssertTrue(rsaOaepContentNoIv.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(rsaOaepContentNoIv.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); // Encoding. Blob encryptedBlob2 = new Blob(encryptedNoIv, false); Blob encodedNoIV = rsaOaepContentNoIv.wireEncode(); Assert.AssertTrue(encryptedBlob2.equals(encodedNoIV)); // Decoding. EncryptedContent rsaOaepContentNoIv2 = new EncryptedContent(); rsaOaepContentNoIv2.wireDecode(encryptedBlob2); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, rsaOaepContentNoIv2.getAlgorithmType()); Assert.AssertTrue(rsaOaepContentNoIv2.getPayload().equals( new Blob(message, false))); Assert.AssertTrue(rsaOaepContentNoIv2.getInitialVector().isNull()); Assert.AssertTrue(rsaOaepContentNoIv2.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(rsaOaepContentNoIv2.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); }
public void testSetterGetter() { EncryptedContent content = new EncryptedContent(); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.NONE, content.getAlgorithmType()); Assert.AssertEquals(true, content.getPayload().isNull()); Assert.AssertEquals(true, content.getInitialVector().isNull()); Assert.AssertEquals(net.named_data.jndn.KeyLocatorType.NONE, content.getKeyLocator().getType()); content.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, content.getAlgorithmType()); Assert.AssertEquals(true, content.getPayload().isNull()); Assert.AssertEquals(true, content.getInitialVector().isNull()); Assert.AssertEquals(net.named_data.jndn.KeyLocatorType.NONE, content.getKeyLocator().getType()); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.getKeyName().set("/test/key/locator"); content.setKeyLocator(keyLocator); Assert.AssertTrue(content.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(content.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); Assert.AssertEquals(true, content.getPayload().isNull()); Assert.AssertEquals(true, content.getInitialVector().isNull()); content.setPayload(new Blob(message, false)); Assert.AssertTrue(content.getPayload().equals(new Blob(message, false))); content.setInitialVector(new Blob(iv, false)); Assert.AssertTrue(content.getInitialVector().equals(new Blob(iv, false))); Blob encoded = content.wireEncode(); Blob contentBlob = new Blob(encrypted, false); Assert.AssertTrue(contentBlob.equals(encoded)); }
/// <summary> /// Check if the given Data packet can satisfy this Interest. This method /// considers the Name, MinSuffixComponents, MaxSuffixComponents, /// PublisherPublicKeyLocator, and Exclude. It does not consider the /// ChildSelector or MustBeFresh. This uses the given wireFormat to get the /// Data packet encoding for the full Name. /// </summary> /// /// <param name="data">The Data packet to check.</param> /// <param name="wireFormat"></param> /// <returns>True if the given Data packet can satisfy this Interest.</returns> public bool matchesData(Data data, WireFormat wireFormat) { // Imitate ndn-cxx Interest::matchesData. int interestNameLength = getName().size(); Name dataName = data.getName(); int fullNameLength = dataName.size() + 1; // Check MinSuffixComponents. bool hasMinSuffixComponents = getMinSuffixComponents() >= 0; int minSuffixComponents = (hasMinSuffixComponents) ? getMinSuffixComponents() : 0; if (!(interestNameLength + minSuffixComponents <= fullNameLength)) { return(false); } // Check MaxSuffixComponents. bool hasMaxSuffixComponents = getMaxSuffixComponents() >= 0; if (hasMaxSuffixComponents && !(interestNameLength + getMaxSuffixComponents() >= fullNameLength)) { return(false); } // Check the prefix. if (interestNameLength == fullNameLength) { if (getName().get(-1).isImplicitSha256Digest()) { if (!getName().equals(data.getFullName(wireFormat))) { return(false); } } else { // The Interest Name is the same length as the Data full Name, but the // last component isn't a digest so there's no possibility of matching. return(false); } } else { // The Interest Name should be a strict prefix of the Data full Name, if (!getName().isPrefixOf(dataName)) { return(false); } } // Check the Exclude. // The Exclude won't be violated if the Interest Name is the same as the // Data full Name. if (getExclude().size() > 0 && fullNameLength > interestNameLength) { if (interestNameLength == fullNameLength - 1) { // The component to exclude is the digest. if (getExclude().matches( data.getFullName(wireFormat).get(interestNameLength))) { return(false); } } else { // The component to exclude is not the digest. if (getExclude().matches(dataName.get(interestNameLength))) { return(false); } } } // Check the KeyLocator. KeyLocator publisherPublicKeyLocator = getKeyLocator(); if (publisherPublicKeyLocator.getType() != net.named_data.jndn.KeyLocatorType.NONE) { Signature signature = data.getSignature(); if (!net.named_data.jndn.KeyLocator.canGetFromSignature(signature)) { // No KeyLocator in the Data packet. return(false); } if (!publisherPublicKeyLocator.equals(net.named_data.jndn.KeyLocator .getFromSignature(signature))) { return(false); } } return(true); }
/** * Loop to encode a data packet nIterations times. * @param nIterations The number of iterations. * @param useComplex If true, use a large name, large content and all fields. * If false, use a small name, small content * and only required fields. * @param useCrypto If true, sign the data packet. If false, use a blank * signature. * @param keyType KeyType.RSA or EC, used if useCrypto is true. * @param encoding Set encoding[0] to the wire encoding. * @return The number of seconds for all iterations. */ private static double benchmarkEncodeDataSeconds(int nIterations, bool useComplex, bool useCrypto, KeyType keyType, Blob[] encoding) { Name name; Blob content; if (useComplex) { // Use a large name and content. name = new Name ("/ndn/ucla.edu/apps/lwndn-test/numbers.txt/%FD%05%05%E8%0C%CE%1D/%00"); StringBuilder contentStream = new StringBuilder(); int count = 1; contentStream.append(count++); while (contentStream.toString().Length < 1115) contentStream.append(" ").append(count++); content = new Blob(contentStream.toString()); } else { // Use a small name and content. name = new Name("/test"); content = new Blob("abc"); } Name.Component finalBlockId = new Name.Component(new Blob(new byte[] { (byte)0 })); // Initialize the KeyChain storage in case useCrypto is true. MemoryIdentityStorage identityStorage = new MemoryIdentityStorage(); MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage(); KeyChain keyChain = new KeyChain (new IdentityManager(identityStorage, privateKeyStorage), new SelfVerifyPolicyManager(identityStorage)); Name keyName = new Name("/testname/DSK-123"); Name certificateName = keyName.getSubName(0, keyName.size() - 1).append ("KEY").append(keyName.get(-1)).append("ID-CERT").append("0"); privateKeyStorage.setKeyPairForKeyName (keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER), new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER)); Blob signatureBits = new Blob(new byte[256]); Blob emptyBlob = new Blob(new byte[0]); double start = getNowSeconds(); for (int i = 0; i < nIterations; ++i) { Data data = new Data(name); data.setContent(content); if (useComplex) { data.getMetaInfo().setFreshnessPeriod(30000); data.getMetaInfo().setFinalBlockId(finalBlockId); } if (useCrypto) // This sets the signature fields. keyChain.sign(data, certificateName); else { // Imitate IdentityManager.signByCertificate to set up the signature // fields, but don't sign. KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(KeyLocatorType.KEYNAME); keyLocator.setKeyName(certificateName); Sha256WithRsaSignature sha256Signature = (Sha256WithRsaSignature)data.getSignature(); sha256Signature.setKeyLocator(keyLocator); sha256Signature.setSignature(signatureBits); } encoding[0] = data.wireEncode(); } double finish = getNowSeconds(); return finish - start; }
/// <summary> /// Check if this key locator has the same values as the given key locator. /// </summary> /// /// <param name="other">The other key locator to check.</param> /// <returns>true if the key locators are equal, otherwise false.</returns> public bool equals(KeyLocator other) { if (type_ != other.type_) return false; if (type_ == net.named_data.jndn.KeyLocatorType.KEYNAME) { if (!getKeyName().equals(other.getKeyName())) return false; } else if (type_ == net.named_data.jndn.KeyLocatorType.KEY_LOCATOR_DIGEST) { if (!getKeyData().equals(other.getKeyData())) return false; } return true; }
/// <summary> /// Look in the IdentityStorage for the public key with the name in the /// KeyLocator (if available). If the public key can't be found, return an /// empty Blob. /// </summary> /// /// <param name="keyLocator">The KeyLocator.</param> /// <param name="failureReason"></param> /// <returns>The public key DER or an empty Blob if not found.</returns> private Blob getPublicKeyDer(KeyLocator keyLocator, String[] failureReason) { if (keyLocator.getType() == net.named_data.jndn.KeyLocatorType.KEYNAME && identityStorage_ != null) { try { // Assume the key name is a certificate name. return identityStorage_ .getKey(net.named_data.jndn.security.certificate.IdentityCertificate .certificateNameToPublicKeyName(keyLocator .getKeyName())); } catch (SecurityException ex) { failureReason[0] = "The identityStorage doesn't have the key named " + keyLocator.getKeyName().toUri(); return new Blob(); } } else { // Can't find a key to verify. failureReason[0] = "The signature KeyLocator doesn't have a key name"; return new Blob(); } }
/// <summary> /// Set the key locator. /// </summary> /// /// <param name="keyLocator"></param> /// <returns>This EncryptedContent so that you can chain calls to update values.</returns> public EncryptedContent setKeyLocator(KeyLocator keyLocator) { keyLocator_ = (keyLocator == null) ? new KeyLocator() : new KeyLocator( keyLocator); return this; }