/// <summary>
/// Decrypt the encryptedData using the keyBits according the encrypt params.
/// </summary>
///
/// <param name="keyBits">The key value.</param>
/// <param name="encryptedData">The data to decrypt.</param>
/// <param name="params"></param>
/// <returns>The decrypted data.</returns>
public static Blob decrypt(Blob keyBits, Blob encryptedData,
EncryptParams paras)
{
if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb)
{
Cipher cipher = javax.crypto.Cipher.getInstance("AES/ECB/PKCS5PADDING");
cipher.init(javax.crypto.Cipher.DECRYPT_MODE,
new SecretKeySpec(keyBits.getImmutableArray(), "AES"));
return(new Blob(cipher.doFinal(encryptedData.getImmutableArray()),
false));
}
else if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc)
{
if (paras.getInitialVector().size() != BLOCK_SIZE)
{
throw new Exception("incorrect initial vector size");
}
Cipher cipher_0 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher_0.init(javax.crypto.Cipher.DECRYPT_MODE,
new SecretKeySpec(keyBits.getImmutableArray(), "AES"),
new IvParameterSpec(paras.getInitialVector()
.getImmutableArray()));
return(new Blob(cipher_0.doFinal(encryptedData.getImmutableArray()),
false));
}
else
{
throw new Exception("unsupported encryption mode");
}
}
/// <summary>
/// Decrypt the encryptedData using the keyBits according the encrypt params.
/// </summary>
///
/// <param name="keyBits">The key value (PKCS8-encoded private key).</param>
/// <param name="encryptedData">The data to decrypt.</param>
/// <param name="params">This decrypts according to params.getAlgorithmType().</param>
/// <returns>The decrypted data.</returns>
public static Blob decrypt(Blob keyBits, Blob encryptedData,
EncryptParams paras)
{
PrivateKey privateKey = keyFactory_
.generatePrivate(new PKCS8EncodedKeySpec(keyBits
.getImmutableArray()));
String transformation;
if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs)
{
transformation = "RSA/ECB/PKCS1Padding";
}
else if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
{
transformation = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
}
else
{
throw new Exception("unsupported padding scheme");
}
Cipher cipher = javax.crypto.Cipher.getInstance(transformation);
cipher.init(javax.crypto.Cipher.DECRYPT_MODE, privateKey);
return(new Blob(cipher.doFinal(encryptedData.getImmutableArray()),
false));
}
/// <summary>
/// Encrypt the payload using the asymmetric key according to params, and
/// return an EncryptedContent.
/// </summary>
///
/// <param name="payload"></param>
/// <param name="key">The key value.</param>
/// <param name="keyName">The key name for the EncryptedContent key locator.</param>
/// <param name="params">The parameters for encryption.</param>
/// <returns>A new EncryptedContent.</returns>
private static EncryptedContent encryptAsymmetric(Blob payload, Blob key,
Name keyName, EncryptParams paras)
{
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(keyName);
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs ||
algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
{
Blob encryptedPayload = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(key, payload, paras);
EncryptedContent result = new EncryptedContent();
result.setAlgorithmType(algorithmType);
result.setKeyLocator(keyLocator);
result.setPayload(encryptedPayload);
return(result);
}
else
{
throw new Exception("Unsupported encryption method");
}
}
/// <summary>
/// Encrypt the payload using the symmetric key according to params, and return
/// an EncryptedContent.
/// </summary>
///
/// <param name="payload">The data to encrypt.</param>
/// <param name="key">The key value.</param>
/// <param name="keyName">The key name for the EncryptedContent key locator.</param>
/// <param name="params">The parameters for encryption.</param>
/// <returns>A new EncryptedContent.</returns>
private static EncryptedContent encryptSymmetric(Blob payload, Blob key,
Name keyName, EncryptParams paras)
{
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
Blob initialVector = paras.getInitialVector();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(keyName);
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc ||
algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb)
{
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc)
{
if (initialVector.size() != net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE)
{
throw new Exception("incorrect initial vector size");
}
}
Blob encryptedPayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(key, payload, paras);
EncryptedContent result = new EncryptedContent();
result.setAlgorithmType(algorithmType);
result.setKeyLocator(keyLocator);
result.setPayload(encryptedPayload);
result.setInitialVector(initialVector);
return(result);
}
else
{
throw new Exception("Unsupported encryption method");
}
}
/// <summary>
/// Encrypt the plainData using the keyBits according the encrypt params.
/// </summary>
///
/// <param name="keyBits">The key value (DER-encoded public key).</param>
/// <param name="plainData">The data to encrypt.</param>
/// <param name="params">This encrypts according to params.getAlgorithmType().</param>
/// <returns>The encrypted data.</returns>
public static Blob encrypt(Blob keyBits, Blob plainData,
EncryptParams paras)
{
try {
return(new PublicKey(keyBits).encrypt(plainData,
paras.getAlgorithmType()));
} catch (UnrecognizedKeyFormatException ex) {
throw new InvalidKeyException(ex.Message);
}
}
/// <summary>
/// Decrypt the encryptedData using the keyBits according the encrypt params.
/// </summary>
///
/// <param name="keyBits">The key value (PKCS8-encoded private key).</param>
/// <param name="encryptedData">The data to decrypt.</param>
/// <param name="params">This decrypts according to params.getAlgorithmType().</param>
/// <returns>The decrypted data.</returns>
public static Blob decrypt(Blob keyBits, Blob encryptedData,
EncryptParams paras)
{
PrivateKey privateKey = keyFactory_
.generatePrivate(new PKCS8EncodedKeySpec(keyBits
.getImmutableArray()));
String transformation;
if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs)
transformation = "RSA/ECB/PKCS1Padding";
else if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
transformation = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
else
throw new Exception("unsupported padding scheme");
Cipher cipher = javax.crypto.Cipher.getInstance(transformation);
cipher.init(javax.crypto.Cipher.DECRYPT_MODE, privateKey);
return new Blob(cipher.doFinal(encryptedData.getImmutableArray()),
false);
}
/// <summary>
/// Prepare an encrypted data packet by encrypting the payload using the key
/// according to the params. In addition, this prepares the encoded
/// EncryptedContent with the encryption result using keyName and params. The
/// encoding is set as the content of the data packet. If params defines an
/// asymmetric encryption algorithm and the payload is larger than the maximum
/// plaintext size, this encrypts the payload with a symmetric key that is
/// asymmetrically encrypted and provided as a nonce in the content of the data
/// packet. The packet's /{dataName}/ is updated to be
/// /{dataName}/FOR/{keyName}
/// </summary>
///
/// <param name="data">The data packet which is updated.</param>
/// <param name="payload">The payload to encrypt.</param>
/// <param name="keyName">The key name for the EncryptedContent.</param>
/// <param name="key">The encryption key value.</param>
/// <param name="params">The parameters for encryption.</param>
public static void encryptData(Data data, Blob payload, Name keyName,
Blob key, EncryptParams paras)
{
data.getName().append(NAME_COMPONENT_FOR).append(keyName);
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc
|| algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) {
EncryptedContent content = encryptSymmetric(payload, key, keyName,
paras);
data.setContent(content.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get()));
} else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs
|| algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) {
// Java doesn't have a direct way to get the maximum plain text size, so
// try to encrypt the payload first and catch the error if it is too big.
try {
EncryptedContent content_0 = encryptAsymmetric(payload, key,
keyName, paras);
data.setContent(content_0.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get()));
return;
} catch (IllegalBlockSizeException ex) {
// The payload is larger than the maximum plaintext size. Continue.
}
// 128-bit nonce.
ByteBuffer nonceKeyBuffer = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(16);
net.named_data.jndn.util.Common.getRandom().nextBytes(nonceKeyBuffer.array());
Blob nonceKey = new Blob(nonceKeyBuffer, false);
Name nonceKeyName = new Name(keyName);
nonceKeyName.append("nonce");
EncryptParams symmetricParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc, net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE);
EncryptedContent nonceContent = encryptSymmetric(payload, nonceKey,
nonceKeyName, symmetricParams);
EncryptedContent payloadContent = encryptAsymmetric(nonceKey, key,
keyName, paras);
Blob nonceContentEncoding = nonceContent.wireEncode();
Blob payloadContentEncoding = payloadContent.wireEncode();
ByteBuffer content_1 = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(nonceContentEncoding
.size() + payloadContentEncoding.size());
content_1.put(payloadContentEncoding.buf());
content_1.put(nonceContentEncoding.buf());
content_1.flip();
data.setContent(new Blob(content_1, false));
} else
throw new Exception("Unsupported encryption method");
}
/// <summary>
/// Decrypt the encryptedData using the keyBits according the encrypt params.
/// </summary>
///
/// <param name="keyBits">The key value.</param>
/// <param name="encryptedData">The data to decrypt.</param>
/// <param name="params"></param>
/// <returns>The decrypted data.</returns>
public static Blob decrypt(Blob keyBits, Blob encryptedData,
EncryptParams paras)
{
if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) {
Cipher cipher = javax.crypto.Cipher.getInstance("AES/ECB/PKCS5PADDING");
cipher.init(javax.crypto.Cipher.DECRYPT_MODE,
new SecretKeySpec(keyBits.getImmutableArray(), "AES"));
return new Blob(cipher.doFinal(encryptedData.getImmutableArray()),
false);
} else if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) {
if (paras.getInitialVector().size() != BLOCK_SIZE)
throw new Exception("incorrect initial vector size");
Cipher cipher_0 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher_0.init(javax.crypto.Cipher.DECRYPT_MODE,
new SecretKeySpec(keyBits.getImmutableArray(), "AES"),
new IvParameterSpec(paras.getInitialVector()
.getImmutableArray()));
return new Blob(cipher_0.doFinal(encryptedData.getImmutableArray()),
false);
} else
throw new Exception("unsupported encryption mode");
}
/// <summary>
/// Decrypt the encryptedData using the keyBits according the encrypt params.
/// </summary>
///
/// <param name="keyBits">The key value (PKCS8-encoded private key).</param>
/// <param name="encryptedData">The data to decrypt.</param>
/// <param name="params">This decrypts according to params.getAlgorithmType().</param>
/// <returns>The decrypted data.</returns>
public static Blob decrypt(Blob keyBits, Blob encryptedData,
EncryptParams paras)
{
TpmPrivateKey privateKey = new TpmPrivateKey();
try {
privateKey.loadPkcs8(keyBits.buf());
} catch (TpmPrivateKey.Error ex) {
throw new SecurityException("decrypt: Error in loadPkcs8: " + ex);
}
try {
return(privateKey.decrypt(encryptedData.buf(),
paras.getAlgorithmType()));
} catch (TpmPrivateKey.Error ex_0) {
throw new SecurityException("decrypt: Error in decrypt: " + ex_0);
}
}
/// <summary>
/// Prepare an encrypted data packet by encrypting the payload using the key
/// according to the params. In addition, this prepares the encoded
/// EncryptedContent with the encryption result using keyName and params. The
/// encoding is set as the content of the data packet. If params defines an
/// asymmetric encryption algorithm and the payload is larger than the maximum
/// plaintext size, this encrypts the payload with a symmetric key that is
/// asymmetrically encrypted and provided as a nonce in the content of the data
/// packet. The packet's /{dataName}/ is updated to be
/// /{dataName}/FOR/{keyName}
/// </summary>
///
/// <param name="data">The data packet which is updated.</param>
/// <param name="payload">The payload to encrypt.</param>
/// <param name="keyName">The key name for the EncryptedContent.</param>
/// <param name="key">The encryption key value.</param>
/// <param name="params">The parameters for encryption.</param>
public static void encryptData(Data data, Blob payload, Name keyName,
Blob key, EncryptParams paras)
{
Name dataName = data.getName();
dataName.append(NAME_COMPONENT_FOR).append(keyName);
data.setName(dataName);
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc ||
algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb)
{
EncryptedContent content = encryptSymmetric(payload, key, keyName,
paras);
data.setContent(content.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get()));
}
else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs ||
algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
{
// Java doesn't have a direct way to get the maximum plain text size, so
// try to encrypt the payload first and catch the error if it is too big.
try {
EncryptedContent content_0 = encryptAsymmetric(payload, key,
keyName, paras);
data.setContent(content_0.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get()));
return;
} catch (IllegalBlockSizeException ex) {
// The payload is larger than the maximum plaintext size. Continue.
}
// 128-bit nonce.
ByteBuffer nonceKeyBuffer = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(16);
net.named_data.jndn.util.Common.getRandom().nextBytes(nonceKeyBuffer.array());
Blob nonceKey = new Blob(nonceKeyBuffer, false);
Name nonceKeyName = new Name(keyName);
nonceKeyName.append("nonce");
EncryptParams symmetricParams = new EncryptParams(
net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc, net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE);
EncryptedContent nonceContent = encryptSymmetric(payload, nonceKey,
nonceKeyName, symmetricParams);
EncryptedContent payloadContent = encryptAsymmetric(nonceKey, key,
keyName, paras);
Blob nonceContentEncoding = nonceContent.wireEncode();
Blob payloadContentEncoding = payloadContent.wireEncode();
ByteBuffer content_1 = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(nonceContentEncoding
.size() + payloadContentEncoding.size());
content_1.put(payloadContentEncoding.buf());
content_1.put(nonceContentEncoding.buf());
content_1.flip();
data.setContent(new Blob(content_1, false));
}
else
{
throw new Exception("Unsupported encryption method");
}
}
/// <summary>
/// Encrypt the payload using the symmetric key according to params, and return
/// an EncryptedContent.
/// </summary>
///
/// <param name="payload">The data to encrypt.</param>
/// <param name="key">The key value.</param>
/// <param name="keyName">The key name for the EncryptedContent key locator.</param>
/// <param name="params">The parameters for encryption.</param>
/// <returns>A new EncryptedContent.</returns>
private static EncryptedContent encryptSymmetric(Blob payload, Blob key,
Name keyName, EncryptParams paras)
{
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
Blob initialVector = paras.getInitialVector();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(keyName);
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc
|| algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) {
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) {
if (initialVector.size() != net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE)
throw new Exception("incorrect initial vector size");
}
Blob encryptedPayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(key, payload, paras);
EncryptedContent result = new EncryptedContent();
result.setAlgorithmType(algorithmType);
result.setKeyLocator(keyLocator);
result.setPayload(encryptedPayload);
result.setInitialVector(initialVector);
return result;
} else
throw new Exception("Unsupported encryption method");
}
/// <summary>
/// Encrypt the payload using the asymmetric key according to params, and
/// return an EncryptedContent.
/// </summary>
///
/// <param name="payload"></param>
/// <param name="key">The key value.</param>
/// <param name="keyName">The key name for the EncryptedContent key locator.</param>
/// <param name="params">The parameters for encryption.</param>
/// <returns>A new EncryptedContent.</returns>
private static EncryptedContent encryptAsymmetric(Blob payload, Blob key,
Name keyName, EncryptParams paras)
{
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(keyName);
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs
|| algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) {
Blob encryptedPayload = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(key, payload, paras);
EncryptedContent result = new EncryptedContent();
result.setAlgorithmType(algorithmType);
result.setKeyLocator(keyLocator);
result.setPayload(encryptedPayload);
return result;
} else
throw new Exception("Unsupported encryption method");
}
