/// <summary> /// Decrypt the encryptedData using the keyBits according the encrypt params. /// </summary> /// /// <param name="keyBits">The key value.</param> /// <param name="encryptedData">The data to decrypt.</param> /// <param name="params"></param> /// <returns>The decrypted data.</returns> public static Blob decrypt(Blob keyBits, Blob encryptedData, EncryptParams paras) { if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) { Cipher cipher = javax.crypto.Cipher.getInstance("AES/ECB/PKCS5PADDING"); cipher.init(javax.crypto.Cipher.DECRYPT_MODE, new SecretKeySpec(keyBits.getImmutableArray(), "AES")); return(new Blob(cipher.doFinal(encryptedData.getImmutableArray()), false)); } else if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) { if (paras.getInitialVector().size() != BLOCK_SIZE) { throw new Exception("incorrect initial vector size"); } Cipher cipher_0 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5PADDING"); cipher_0.init(javax.crypto.Cipher.DECRYPT_MODE, new SecretKeySpec(keyBits.getImmutableArray(), "AES"), new IvParameterSpec(paras.getInitialVector() .getImmutableArray())); return(new Blob(cipher_0.doFinal(encryptedData.getImmutableArray()), false)); } else { throw new Exception("unsupported encryption mode"); } }
/// <summary> /// Decrypt the encryptedData using the keyBits according the encrypt params. /// </summary> /// /// <param name="keyBits">The key value (PKCS8-encoded private key).</param> /// <param name="encryptedData">The data to decrypt.</param> /// <param name="params">This decrypts according to params.getAlgorithmType().</param> /// <returns>The decrypted data.</returns> public static Blob decrypt(Blob keyBits, Blob encryptedData, EncryptParams paras) { PrivateKey privateKey = keyFactory_ .generatePrivate(new PKCS8EncodedKeySpec(keyBits .getImmutableArray())); String transformation; if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs) { transformation = "RSA/ECB/PKCS1Padding"; } else if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { transformation = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"; } else { throw new Exception("unsupported padding scheme"); } Cipher cipher = javax.crypto.Cipher.getInstance(transformation); cipher.init(javax.crypto.Cipher.DECRYPT_MODE, privateKey); return(new Blob(cipher.doFinal(encryptedData.getImmutableArray()), false)); }
/// <summary> /// Encrypt the payload using the asymmetric key according to params, and /// return an EncryptedContent. /// </summary> /// /// <param name="payload"></param> /// <param name="key">The key value.</param> /// <param name="keyName">The key name for the EncryptedContent key locator.</param> /// <param name="params">The parameters for encryption.</param> /// <returns>A new EncryptedContent.</returns> private static EncryptedContent encryptAsymmetric(Blob payload, Blob key, Name keyName, EncryptParams paras) { EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { Blob encryptedPayload = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(key, payload, paras); EncryptedContent result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); return(result); } else { throw new Exception("Unsupported encryption method"); } }
/// <summary> /// Encrypt the payload using the symmetric key according to params, and return /// an EncryptedContent. /// </summary> /// /// <param name="payload">The data to encrypt.</param> /// <param name="key">The key value.</param> /// <param name="keyName">The key name for the EncryptedContent key locator.</param> /// <param name="params">The parameters for encryption.</param> /// <returns>A new EncryptedContent.</returns> private static EncryptedContent encryptSymmetric(Blob payload, Blob key, Name keyName, EncryptParams paras) { EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); Blob initialVector = paras.getInitialVector(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) { if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) { if (initialVector.size() != net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE) { throw new Exception("incorrect initial vector size"); } } Blob encryptedPayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(key, payload, paras); EncryptedContent result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); result.setInitialVector(initialVector); return(result); } else { throw new Exception("Unsupported encryption method"); } }
/// <summary> /// Encrypt the plainData using the keyBits according the encrypt params. /// </summary> /// /// <param name="keyBits">The key value (DER-encoded public key).</param> /// <param name="plainData">The data to encrypt.</param> /// <param name="params">This encrypts according to params.getAlgorithmType().</param> /// <returns>The encrypted data.</returns> public static Blob encrypt(Blob keyBits, Blob plainData, EncryptParams paras) { try { return(new PublicKey(keyBits).encrypt(plainData, paras.getAlgorithmType())); } catch (UnrecognizedKeyFormatException ex) { throw new InvalidKeyException(ex.Message); } }
/// <summary> /// Decrypt the encryptedData using the keyBits according the encrypt params. /// </summary> /// /// <param name="keyBits">The key value (PKCS8-encoded private key).</param> /// <param name="encryptedData">The data to decrypt.</param> /// <param name="params">This decrypts according to params.getAlgorithmType().</param> /// <returns>The decrypted data.</returns> public static Blob decrypt(Blob keyBits, Blob encryptedData, EncryptParams paras) { PrivateKey privateKey = keyFactory_ .generatePrivate(new PKCS8EncodedKeySpec(keyBits .getImmutableArray())); String transformation; if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs) transformation = "RSA/ECB/PKCS1Padding"; else if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) transformation = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"; else throw new Exception("unsupported padding scheme"); Cipher cipher = javax.crypto.Cipher.getInstance(transformation); cipher.init(javax.crypto.Cipher.DECRYPT_MODE, privateKey); return new Blob(cipher.doFinal(encryptedData.getImmutableArray()), false); }
/// <summary> /// Prepare an encrypted data packet by encrypting the payload using the key /// according to the params. In addition, this prepares the encoded /// EncryptedContent with the encryption result using keyName and params. The /// encoding is set as the content of the data packet. If params defines an /// asymmetric encryption algorithm and the payload is larger than the maximum /// plaintext size, this encrypts the payload with a symmetric key that is /// asymmetrically encrypted and provided as a nonce in the content of the data /// packet. The packet's /{dataName}/ is updated to be /// /{dataName}/FOR/{keyName} /// </summary> /// /// <param name="data">The data packet which is updated.</param> /// <param name="payload">The payload to encrypt.</param> /// <param name="keyName">The key name for the EncryptedContent.</param> /// <param name="key">The encryption key value.</param> /// <param name="params">The parameters for encryption.</param> public static void encryptData(Data data, Blob payload, Name keyName, Blob key, EncryptParams paras) { data.getName().append(NAME_COMPONENT_FOR).append(keyName); EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) { EncryptedContent content = encryptSymmetric(payload, key, keyName, paras); data.setContent(content.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get())); } else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { // Java doesn't have a direct way to get the maximum plain text size, so // try to encrypt the payload first and catch the error if it is too big. try { EncryptedContent content_0 = encryptAsymmetric(payload, key, keyName, paras); data.setContent(content_0.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get())); return; } catch (IllegalBlockSizeException ex) { // The payload is larger than the maximum plaintext size. Continue. } // 128-bit nonce. ByteBuffer nonceKeyBuffer = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(16); net.named_data.jndn.util.Common.getRandom().nextBytes(nonceKeyBuffer.array()); Blob nonceKey = new Blob(nonceKeyBuffer, false); Name nonceKeyName = new Name(keyName); nonceKeyName.append("nonce"); EncryptParams symmetricParams = new EncryptParams( net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc, net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE); EncryptedContent nonceContent = encryptSymmetric(payload, nonceKey, nonceKeyName, symmetricParams); EncryptedContent payloadContent = encryptAsymmetric(nonceKey, key, keyName, paras); Blob nonceContentEncoding = nonceContent.wireEncode(); Blob payloadContentEncoding = payloadContent.wireEncode(); ByteBuffer content_1 = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(nonceContentEncoding .size() + payloadContentEncoding.size()); content_1.put(payloadContentEncoding.buf()); content_1.put(nonceContentEncoding.buf()); content_1.flip(); data.setContent(new Blob(content_1, false)); } else throw new Exception("Unsupported encryption method"); }
/// <summary> /// Decrypt the encryptedData using the keyBits according the encrypt params. /// </summary> /// /// <param name="keyBits">The key value.</param> /// <param name="encryptedData">The data to decrypt.</param> /// <param name="params"></param> /// <returns>The decrypted data.</returns> public static Blob decrypt(Blob keyBits, Blob encryptedData, EncryptParams paras) { if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) { Cipher cipher = javax.crypto.Cipher.getInstance("AES/ECB/PKCS5PADDING"); cipher.init(javax.crypto.Cipher.DECRYPT_MODE, new SecretKeySpec(keyBits.getImmutableArray(), "AES")); return new Blob(cipher.doFinal(encryptedData.getImmutableArray()), false); } else if (paras.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) { if (paras.getInitialVector().size() != BLOCK_SIZE) throw new Exception("incorrect initial vector size"); Cipher cipher_0 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5PADDING"); cipher_0.init(javax.crypto.Cipher.DECRYPT_MODE, new SecretKeySpec(keyBits.getImmutableArray(), "AES"), new IvParameterSpec(paras.getInitialVector() .getImmutableArray())); return new Blob(cipher_0.doFinal(encryptedData.getImmutableArray()), false); } else throw new Exception("unsupported encryption mode"); }
/// <summary> /// Decrypt the encryptedData using the keyBits according the encrypt params. /// </summary> /// /// <param name="keyBits">The key value (PKCS8-encoded private key).</param> /// <param name="encryptedData">The data to decrypt.</param> /// <param name="params">This decrypts according to params.getAlgorithmType().</param> /// <returns>The decrypted data.</returns> public static Blob decrypt(Blob keyBits, Blob encryptedData, EncryptParams paras) { TpmPrivateKey privateKey = new TpmPrivateKey(); try { privateKey.loadPkcs8(keyBits.buf()); } catch (TpmPrivateKey.Error ex) { throw new SecurityException("decrypt: Error in loadPkcs8: " + ex); } try { return(privateKey.decrypt(encryptedData.buf(), paras.getAlgorithmType())); } catch (TpmPrivateKey.Error ex_0) { throw new SecurityException("decrypt: Error in decrypt: " + ex_0); } }
/// <summary> /// Prepare an encrypted data packet by encrypting the payload using the key /// according to the params. In addition, this prepares the encoded /// EncryptedContent with the encryption result using keyName and params. The /// encoding is set as the content of the data packet. If params defines an /// asymmetric encryption algorithm and the payload is larger than the maximum /// plaintext size, this encrypts the payload with a symmetric key that is /// asymmetrically encrypted and provided as a nonce in the content of the data /// packet. The packet's /{dataName}/ is updated to be /// /{dataName}/FOR/{keyName} /// </summary> /// /// <param name="data">The data packet which is updated.</param> /// <param name="payload">The payload to encrypt.</param> /// <param name="keyName">The key name for the EncryptedContent.</param> /// <param name="key">The encryption key value.</param> /// <param name="params">The parameters for encryption.</param> public static void encryptData(Data data, Blob payload, Name keyName, Blob key, EncryptParams paras) { Name dataName = data.getName(); dataName.append(NAME_COMPONENT_FOR).append(keyName); data.setName(dataName); EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) { EncryptedContent content = encryptSymmetric(payload, key, keyName, paras); data.setContent(content.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get())); } else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { // Java doesn't have a direct way to get the maximum plain text size, so // try to encrypt the payload first and catch the error if it is too big. try { EncryptedContent content_0 = encryptAsymmetric(payload, key, keyName, paras); data.setContent(content_0.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get())); return; } catch (IllegalBlockSizeException ex) { // The payload is larger than the maximum plaintext size. Continue. } // 128-bit nonce. ByteBuffer nonceKeyBuffer = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(16); net.named_data.jndn.util.Common.getRandom().nextBytes(nonceKeyBuffer.array()); Blob nonceKey = new Blob(nonceKeyBuffer, false); Name nonceKeyName = new Name(keyName); nonceKeyName.append("nonce"); EncryptParams symmetricParams = new EncryptParams( net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc, net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE); EncryptedContent nonceContent = encryptSymmetric(payload, nonceKey, nonceKeyName, symmetricParams); EncryptedContent payloadContent = encryptAsymmetric(nonceKey, key, keyName, paras); Blob nonceContentEncoding = nonceContent.wireEncode(); Blob payloadContentEncoding = payloadContent.wireEncode(); ByteBuffer content_1 = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(nonceContentEncoding .size() + payloadContentEncoding.size()); content_1.put(payloadContentEncoding.buf()); content_1.put(nonceContentEncoding.buf()); content_1.flip(); data.setContent(new Blob(content_1, false)); } else { throw new Exception("Unsupported encryption method"); } }
/// <summary> /// Encrypt the payload using the symmetric key according to params, and return /// an EncryptedContent. /// </summary> /// /// <param name="payload">The data to encrypt.</param> /// <param name="key">The key value.</param> /// <param name="keyName">The key name for the EncryptedContent key locator.</param> /// <param name="params">The parameters for encryption.</param> /// <returns>A new EncryptedContent.</returns> private static EncryptedContent encryptSymmetric(Blob payload, Blob key, Name keyName, EncryptParams paras) { EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); Blob initialVector = paras.getInitialVector(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) { if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) { if (initialVector.size() != net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE) throw new Exception("incorrect initial vector size"); } Blob encryptedPayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(key, payload, paras); EncryptedContent result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); result.setInitialVector(initialVector); return result; } else throw new Exception("Unsupported encryption method"); }
/// <summary> /// Encrypt the payload using the asymmetric key according to params, and /// return an EncryptedContent. /// </summary> /// /// <param name="payload"></param> /// <param name="key">The key value.</param> /// <param name="keyName">The key name for the EncryptedContent key locator.</param> /// <param name="params">The parameters for encryption.</param> /// <returns>A new EncryptedContent.</returns> private static EncryptedContent encryptAsymmetric(Blob payload, Blob key, Name keyName, EncryptParams paras) { EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { Blob encryptedPayload = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(key, payload, paras); EncryptedContent result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); return result; } else throw new Exception("Unsupported encryption method"); }