/// <returns>True for success, false for error (where this has called onError).</returns> internal bool decryptAndImportKdk(Data kdkData, EncryptError.OnError onError_0) { try { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.INFO, "Decrypting and importing KDK {0}", kdkData.getName()); EncryptedContent encryptedContent_1 = new EncryptedContent(); encryptedContent_1.wireDecodeV2(kdkData.getContent()); SafeBag safeBag = new SafeBag(encryptedContent_1.getPayload()); Blob secret = keyChain_.getTpm().decrypt( encryptedContent_1.getPayloadKey().buf(), credentialsKey_.getName()); if (secret.isNull()) { onError_0.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.TpmKeyNotFound, "Could not decrypt secret, " + credentialsKey_.getName().toUri() + " not found in TPM"); return(false); } internalKeyChain_.importSafeBag(safeBag, secret.buf()); return(true); } catch (Exception ex) { // This can be EncodingException, Pib.Error, Tpm.Error, or a bunch of // other runtime-derived errors. onError_0.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.DecryptionFailure, "Failed to decrypt KDK [" + kdkData.getName().toUri() + "]: " + ex); return(false); } }
private static void doDecrypt(EncryptedContent content, Blob ckBits, DecryptorV2.DecryptSuccessCallback onSuccess_0, EncryptError.OnError onError_1) { if (!content.hasInitialVector()) { onError_1.onError( net.named_data.jndn.encrypt.EncryptError.ErrorCode.MissingRequiredInitialVector, "Expecting Initial Vector in the encrypted content, but it is not present"); return; } Blob plainData; try { Cipher cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5PADDING"); cipher.init(javax.crypto.Cipher.DECRYPT_MODE, new SecretKeySpec(ckBits.getImmutableArray(), "AES"), new IvParameterSpec(content.getInitialVector() .getImmutableArray())); plainData = new Blob(cipher.doFinal(content.getPayload() .getImmutableArray()), false); } catch (Exception ex) { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.DecryptionFailure, "Decryption error in doDecrypt: " + ex); return; } try { onSuccess_0.onSuccess(plainData); } catch (Exception exception) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onSuccess", exception); } }
/// <summary> /// Encrypt the plainData using the existing Content Key (CK) and return a new /// EncryptedContent. /// </summary> /// /// <param name="plainData">The data to encrypt.</param> /// <returns>The new EncryptedContent.</returns> public EncryptedContent encrypt(byte[] plainData) { // Generate the initial vector. byte[] initialVector = new byte[AES_IV_SIZE]; net.named_data.jndn.util.Common.getRandom().nextBytes(initialVector); Cipher cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5PADDING"); try { cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, new SecretKeySpec(ckBits_, "AES"), new IvParameterSpec(initialVector)); } catch (InvalidKeyException ex) { throw new Exception( "If the error is 'Illegal key size', try installing the " + "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files: " + ex); } byte[] encryptedData = cipher.doFinal(plainData); EncryptedContent content = new EncryptedContent(); content.setInitialVector(new Blob(initialVector, false)); content.setPayload(new Blob(encryptedData, false)); content.setKeyLocatorName(ckName_); return(content); }
/// <summary> /// Make a CK Data packet for ckName_ encrypted by the KEK in kekData_ and /// insert it in the storage_. /// </summary> /// /// <param name="onError_0">error string.</param> /// <returns>True on success, else false.</returns> internal bool makeAndPublishCkData(net.named_data.jndn.encrypt.EncryptError.OnError onError_0) { try { PublicKey kek = new PublicKey(kekData_.getContent()); EncryptedContent content = new EncryptedContent(); content.setPayload(kek.encrypt(ckBits_, net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)); Data ckData = new Data(new Name(ckName_).append( NAME_COMPONENT_ENCRYPTED_BY).append(kekData_.getName())); ckData.setContent(content.wireEncodeV2()); // FreshnessPeriod can serve as a soft access control for revoking access. ckData.getMetaInfo().setFreshnessPeriod( DEFAULT_CK_FRESHNESS_PERIOD_MS); keyChain_.sign(ckData, ckDataSigningInfo_); storage_.insert(ckData); logger_.log(ILOG.J2CsMapping.Util.Logging.Level.INFO, "Publishing CK data: {0}", ckData.getName()); return(true); } catch (Exception ex) { onError_0.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.EncryptionFailure, "Failed to encrypt generated CK with KEK " + kekData_.getName().toUri()); return(false); } }
public PendingDecrypt(EncryptedContent encryptedContent, DecryptorV2.DecryptSuccessCallback onSuccess, EncryptError.OnError onError_0) { this.encryptedContent = encryptedContent; this.onSuccess = onSuccess; this.onError = onError_0; }
/// <summary> /// Decrypt cKeyData. /// </summary> /// /// <param name="cKeyData">The C-KEY data packet.</param> /// <param name="onPlainText_0"></param> /// <param name="onError_1">This calls onError.onError(errorCode, message) for an error.</param> internal void decryptCKey(Data cKeyData, Consumer.OnPlainText onPlainText_0, net.named_data.jndn.encrypt.EncryptError.OnError onError_1) { // Get the encrypted content. Blob cKeyContent = cKeyData.getContent(); EncryptedContent cKeyEncryptedContent_2 = new EncryptedContent(); try { cKeyEncryptedContent_2.wireDecode(cKeyContent); } catch (EncodingException ex) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, ex.Message); } catch (Exception exception) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception); } return; } Name eKeyName = cKeyEncryptedContent_2.getKeyLocator().getKeyName(); Name dKeyName_3 = eKeyName.getPrefix(-3); dKeyName_3.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_D_KEY).append( eKeyName.getSubName(-2)); // Check if the decryption key is already in the store. Blob dKey = (Blob)ILOG.J2CsMapping.Collections.Collections.Get(dKeyMap_, dKeyName_3); if (dKey != null) { decrypt(cKeyEncryptedContent_2, dKey, onPlainText_0, onError_1); } else { // Get the D-Key Data. Name interestName = new Name(dKeyName_3); interestName.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_FOR).append( consumerName_); Interest interest_4 = new Interest(interestName); // Prepare the callback functions. OnData onData_5 = new Consumer.Anonymous_C2(this, onError_1, onPlainText_0, cKeyEncryptedContent_2, dKeyName_3); OnTimeout onTimeout = new Consumer.Anonymous_C1(this, interest_4, onData_5, onError_1); // Express the Interest. try { face_.expressInterest(interest_4, onData_5, onTimeout); } catch (IOException ex_6) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.IOException, "expressInterest error: " + ex_6.Message); } catch (Exception exception_7) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception_7); } } } }
public Anonymous_C5(Consumer paramouter_Consumer, EncryptedContent dataEncryptedContent_0, net.named_data.jndn.encrypt.EncryptError.OnError onError_1, Consumer.OnPlainText onPlainText_2, Name cKeyName_3) { this.dataEncryptedContent = dataEncryptedContent_0; this.onError = onError_1; this.onPlainText = onPlainText_2; this.cKeyName = cKeyName_3; this.outer_Consumer = paramouter_Consumer; }
public Anonymous_C4(Consumer paramouter_Consumer, Consumer.OnPlainText onPlainText_0, Name dKeyName_1, net.named_data.jndn.encrypt.EncryptError.OnError onError_2, EncryptedContent cKeyEncryptedContent_3) { this.onPlainText = onPlainText_0; this.dKeyName = dKeyName_1; this.onError = onError_2; this.cKeyEncryptedContent = cKeyEncryptedContent_3; this.outer_Consumer = paramouter_Consumer; }
/// <summary> /// Create an EncryptedContent as a deep copy of the given object. /// </summary> /// /// <param name="encryptedContent">The other encryptedContent to copy.</param> public EncryptedContent(EncryptedContent encryptedContent) { this.algorithmType_ = default(EncryptAlgorithmType) /* was: null */; this.keyLocator_ = new KeyLocator(); this.initialVector_ = new Blob(); this.payload_ = new Blob(); algorithmType_ = encryptedContent.algorithmType_; keyLocator_ = new KeyLocator(encryptedContent.keyLocator_); initialVector_ = encryptedContent.initialVector_; payload_ = encryptedContent.payload_; }
/// <summary> /// Create an EncryptedContent as a deep copy of the given object. /// </summary> /// /// <param name="encryptedContent">The other encryptedContent to copy.</param> public EncryptedContent(EncryptedContent encryptedContent) { this.algorithmType_ = net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.NONE; this.keyLocator_ = new KeyLocator(); this.initialVector_ = new Blob(); this.payload_ = new Blob(); algorithmType_ = encryptedContent.algorithmType_; keyLocator_ = new KeyLocator(encryptedContent.keyLocator_); initialVector_ = encryptedContent.initialVector_; payload_ = encryptedContent.payload_; }
/// <summary> /// Create an EncryptedContent as a deep copy of the given object. /// </summary> /// /// <param name="encryptedContent">The other encryptedContent to copy.</param> public EncryptedContent(EncryptedContent encryptedContent) { this.algorithmType_ = net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.NONE; this.keyLocator_ = new KeyLocator(); this.initialVector_ = new Blob(); this.payload_ = new Blob(); this.payloadKey_ = new Blob(); algorithmType_ = encryptedContent.algorithmType_; keyLocator_ = new KeyLocator(encryptedContent.keyLocator_); initialVector_ = encryptedContent.initialVector_; payload_ = encryptedContent.payload_; }
/// <summary> /// Decrypt the data packet. /// </summary> /// /// <param name="data">The data packet.</param> /// <param name="onPlainText_0"></param> /// <param name="onError_1">This calls onError.onError(errorCode, message) for an error.</param> internal void decryptContent(Data data, Consumer.OnPlainText onPlainText_0, net.named_data.jndn.encrypt.EncryptError.OnError onError_1) { // Get the encrypted content. EncryptedContent dataEncryptedContent_2 = new EncryptedContent(); try { dataEncryptedContent_2.wireDecode(data.getContent()); } catch (EncodingException ex) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, ex.Message); } catch (Exception exception) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception); } return; } Name cKeyName_3 = dataEncryptedContent_2.getKeyLocator().getKeyName(); // Check if the content key is already in the store. Blob cKey = (Blob)ILOG.J2CsMapping.Collections.Collections.Get(cKeyMap_, cKeyName_3); if (cKey != null) { decrypt(dataEncryptedContent_2, cKey, onPlainText_0, onError_1); } else { // Retrieve the C-KEY Data from the network. Name interestName = new Name(cKeyName_3); interestName.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_FOR) .append(groupName_); Interest interest_4 = new Interest(interestName); // Prepare the callback functions. OnData onData_5 = new Consumer.Anonymous_C4(this, cKeyName_3, dataEncryptedContent_2, onPlainText_0, onError_1); OnTimeout onTimeout = new Consumer.Anonymous_C3(this, onError_1, interest_4, onData_5); // Express the Interest. try { face_.expressInterest(interest_4, onData_5, onTimeout); } catch (IOException ex_6) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.IOException, "expressInterest error: " + ex_6.Message); } catch (Exception exception_7) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception_7); } } } }
/// <summary> /// Asynchronously decrypt the encryptedContent. /// </summary> /// /// <param name="encryptedContent">the EncryptedContent object. If you may change it later, then pass in a copy of the object.</param> /// <param name="onSuccess">NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.</param> /// <param name="onError_0">error string. NOTE: The library will log any exceptions thrown by this callback, but for better error handling the callback should catch and properly handle any exceptions.</param> public void decrypt(EncryptedContent encryptedContent, DecryptorV2.DecryptSuccessCallback onSuccess, EncryptError.OnError onError_0) { if (encryptedContent.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.KEYNAME) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.INFO, "Missing required KeyLocator in the supplied EncryptedContent block"); onError_0.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.MissingRequiredKeyLocator, "Missing required KeyLocator in the supplied EncryptedContent block"); return; } if (!encryptedContent.hasInitialVector()) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.INFO, "Missing required initial vector in the supplied EncryptedContent block"); onError_0.onError( net.named_data.jndn.encrypt.EncryptError.ErrorCode.MissingRequiredInitialVector, "Missing required initial vector in the supplied EncryptedContent block"); return; } Name ckName_1 = encryptedContent.getKeyLocatorName(); DecryptorV2.ContentKey contentKey_2 = ILOG.J2CsMapping.Collections.Collections.Get(contentKeys_, ckName_1); bool isNew = (contentKey_2 == null); if (isNew) { contentKey_2 = new DecryptorV2.ContentKey(); ILOG.J2CsMapping.Collections.Collections.Put(contentKeys_, ckName_1, contentKey_2); } if (contentKey_2.isRetrieved) { doDecrypt(encryptedContent, contentKey_2.bits, onSuccess, onError_0); } else { logger_.log( ILOG.J2CsMapping.Util.Logging.Level.INFO, "CK {0} not yet available, so adding to the pending decrypt queue", ckName_1); ILOG.J2CsMapping.Collections.Collections.Add(contentKey_2.pendingDecrypts, new ContentKey.PendingDecrypt( encryptedContent, onSuccess, onError_0)); } if (isNew) { fetchCk(ckName_1, contentKey_2, onError_0, net.named_data.jndn.encrypt.EncryptorV2.N_RETRIES); } }
/// <summary> /// Authorize a member identified by memberCertificate to decrypt data under /// the policy. /// </summary> /// /// <param name="memberCertificate"></param> /// <returns>The published KDK Data packet.</returns> public Data addMember(CertificateV2 memberCertificate) { Name kdkName = new Name(nacKey_.getIdentityName()); kdkName.append(net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_KDK) .append(nacKey_.getName().get(-1)) // key-id .append(net.named_data.jndn.encrypt.EncryptorV2.NAME_COMPONENT_ENCRYPTED_BY) .append(memberCertificate.getKeyName()); int secretLength = 32; byte[] secret = new byte[secretLength]; net.named_data.jndn.util.Common.getRandom().nextBytes(secret); // To be compatible with OpenSSL which uses a null-terminated string, // replace each 0 with 1. And to be compatible with the Java security // library which interprets the secret as a char array converted to UTF8, // limit each byte to the ASCII range 1 to 127. for (int i = 0; i < secretLength; ++i) { if (secret[i] == 0) { secret[i] = 1; } secret[i] &= 0x7f; } SafeBag kdkSafeBag = keyChain_.exportSafeBag( nacKey_.getDefaultCertificate(), ILOG.J2CsMapping.NIO.ByteBuffer.wrap(secret)); PublicKey memberKey = new PublicKey(memberCertificate.getPublicKey()); EncryptedContent encryptedContent = new EncryptedContent(); encryptedContent.setPayload(kdkSafeBag.wireEncode()); encryptedContent.setPayloadKey(memberKey.encrypt(secret, net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)); Data kdkData = new Data(kdkName); kdkData.setContent(encryptedContent.wireEncodeV2()); // FreshnessPeriod can serve as a soft access control for revoking access. kdkData.getMetaInfo().setFreshnessPeriod( DEFAULT_KDK_FRESHNESS_PERIOD_MS); keyChain_.sign(kdkData, new SigningInfo(identity_)); storage_.insert(kdkData); return(kdkData); }
internal void decryptCkAndProcessPendingDecrypts(DecryptorV2.ContentKey contentKey_0, Data ckData_1, Name kdkKeyName, EncryptError.OnError onError_2) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.INFO, "Decrypting CK data {0}", ckData_1.getName()); EncryptedContent content = new EncryptedContent(); try { content.wireDecodeV2(ckData_1.getContent()); } catch (Exception ex) { onError_2.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, "Error decrypting EncryptedContent: " + ex); return; } Blob ckBits; try { ckBits = internalKeyChain_.getTpm().decrypt( content.getPayload().buf(), kdkKeyName); } catch (Exception ex_3) { // We don't expect this from the in-memory KeyChain. onError_2.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.DecryptionFailure, "Error decrypting the CK EncryptedContent " + ex_3); return; } if (ckBits.isNull()) { onError_2.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.TpmKeyNotFound, "Could not decrypt secret, " + kdkKeyName.toUri() + " not found in TPM"); return; } contentKey_0.bits = ckBits; contentKey_0.isRetrieved = true; /* foreach */ foreach (ContentKey.PendingDecrypt pendingDecrypt in contentKey_0.pendingDecrypts) { // TODO: If this calls onError, should we quit? doDecrypt(pendingDecrypt.encryptedContent, contentKey_0.bits, pendingDecrypt.onSuccess, pendingDecrypt.onError); } ILOG.J2CsMapping.Collections.Collections.Clear(contentKey_0.pendingDecrypts); }
/// <summary> /// Decode encryptedBlob as an EncryptedContent and decrypt using keyBits. /// </summary> /// /// <param name="encryptedBlob">The encoded EncryptedContent to decrypt.</param> /// <param name="keyBits">The key value.</param> /// <param name="onPlainText_0"></param> /// <param name="onError_1">This calls onError.onError(errorCode, message) for an error.</param> private static void decrypt(Blob encryptedBlob, Blob keyBits, Consumer.OnPlainText onPlainText_0, net.named_data.jndn.encrypt.EncryptError.OnError onError_1) { EncryptedContent encryptedContent = new EncryptedContent(); try { encryptedContent.wireDecode(encryptedBlob); } catch (EncodingException ex) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, ex.Message); } catch (Exception exception) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception); } return; } decrypt(encryptedContent, keyBits, onPlainText_0, onError_1); }
/// <summary> /// Decrypt the data packet. /// </summary> /// /// <param name="data">The data packet. This does not verify the packet.</param> /// <param name="onPlainText_0"></param> /// <param name="onError_1">This calls onError.onError(errorCode, message) for an error.</param> internal void decryptContent(Data data, Consumer.OnPlainText onPlainText_0, net.named_data.jndn.encrypt.EncryptError.OnError onError_1) { // Get the encrypted content. EncryptedContent dataEncryptedContent_2 = new EncryptedContent(); try { dataEncryptedContent_2.wireDecode(data.getContent()); } catch (EncodingException ex) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, ex.Message); } catch (Exception exception) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception); } return; } Name cKeyName_3 = dataEncryptedContent_2.getKeyLocator().getKeyName(); // Check if the content key is already in the store. Blob cKey = (Blob)ILOG.J2CsMapping.Collections.Collections.Get(cKeyMap_, cKeyName_3); if (cKey != null) { decrypt(dataEncryptedContent_2, cKey, onPlainText_0, onError_1); } else { // Retrieve the C-KEY Data from the network. Name interestName = new Name(cKeyName_3); interestName.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_FOR) .append(groupName_); Interest interest = new Interest(interestName); sendInterest(interest, 1, cKeyLink_, new Consumer.Anonymous_C5(this, dataEncryptedContent_2, onError_1, onPlainText_0, cKeyName_3), onError_1); } }
public Anonymous_C4(Consumer paramouter_Consumer, Name cKeyName_0, net.named_data.jndn.encrypt.EncryptError.OnError onError_1, Consumer.OnPlainText onPlainText_2, EncryptedContent dataEncryptedContent_3) { this.cKeyName = cKeyName_0; this.onError = onError_1; this.onPlainText = onPlainText_2; this.dataEncryptedContent = dataEncryptedContent_3; this.outer_Consumer = paramouter_Consumer; }
public void testSetterGetter() { EncryptedContent content = new EncryptedContent(); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.NONE, content.getAlgorithmType()); Assert.AssertEquals(true, content.getPayload().isNull()); Assert.AssertEquals(true, content.getInitialVector().isNull()); Assert.AssertEquals(net.named_data.jndn.KeyLocatorType.NONE, content.getKeyLocator().getType()); content.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, content.getAlgorithmType()); Assert.AssertEquals(true, content.getPayload().isNull()); Assert.AssertEquals(true, content.getInitialVector().isNull()); Assert.AssertEquals(net.named_data.jndn.KeyLocatorType.NONE, content.getKeyLocator().getType()); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.getKeyName().set("/test/key/locator"); content.setKeyLocator(keyLocator); Assert.AssertTrue(content.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(content.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); Assert.AssertEquals(true, content.getPayload().isNull()); Assert.AssertEquals(true, content.getInitialVector().isNull()); content.setPayload(new Blob(message, false)); Assert.AssertTrue(content.getPayload().equals(new Blob(message, false))); content.setInitialVector(new Blob(iv, false)); Assert.AssertTrue(content.getInitialVector().equals(new Blob(iv, false))); Blob encoded = content.wireEncode(); Blob contentBlob = new Blob(encrypted, false); Assert.AssertTrue(contentBlob.equals(encoded)); }
public void testDecodingError() { EncryptedContent encryptedContent = new EncryptedContent(); Blob errorBlob1 = new Blob(toBuffer(new int[] { 0x1f, 0x30, // Wrong EncryptedContent (0x82, 0x24) 0x1c, 0x16, // KeyLocator 0x07, 0x14, // Name 0x08, 0x04, 0x74, 0x65, 0x73, 0x74, 0x08, 0x03, 0x6b, 0x65, 0x79, 0x08, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x83, 0x01, // EncryptedAlgorithm 0x00, 0x85, 0x0a, // InitialVector 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73, 0x84, 0x07, // EncryptedPayload 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74 }), false); try { encryptedContent.wireDecode(errorBlob1); Assert.Fail("wireDecode did not throw an exception"); } catch (EncodingException ex) { } catch (Exception ex_0) { Assert.Fail("wireDecode did not throw EncodingException"); } Blob errorBlob2 = new Blob(toBuffer(new int[] { 0x82, 0x30, // EncryptedContent 0x1d, 0x16, // Wrong KeyLocator (0x1c, 0x16) 0x07, 0x14, // Name 0x08, 0x04, 0x74, 0x65, 0x73, 0x74, 0x08, 0x03, 0x6b, 0x65, 0x79, 0x08, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x83, 0x01, // EncryptedAlgorithm 0x00, 0x85, 0x0a, // InitialVector 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73, 0x84, 0x07, // EncryptedPayload 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74 }), false); try { encryptedContent.wireDecode(errorBlob2); Assert.Fail("wireDecode did not throw an exception"); } catch (EncodingException ex_1) { } catch (Exception ex_2) { Assert.Fail("wireDecode did not throw EncodingException"); } Blob errorBlob3 = new Blob(toBuffer(new int[] { 0x82, 0x30, // EncryptedContent 0x1c, 0x16, // KeyLocator 0x07, 0x14, // Name 0x08, 0x04, 0x74, 0x65, 0x73, 0x74, 0x08, 0x03, 0x6b, 0x65, 0x79, 0x08, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x1d, 0x01, // Wrong EncryptedAlgorithm (0x83, 0x01) 0x00, 0x85, 0x0a, // InitialVector 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73, 0x84, 0x07, // EncryptedPayload 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74 }), false); try { encryptedContent.wireDecode(errorBlob3); Assert.Fail("wireDecode did not throw an exception"); } catch (EncodingException ex_3) { } catch (Exception ex_4) { Assert.Fail("wireDecode did not throw EncodingException"); } Blob errorBlob4 = new Blob(toBuffer(new int[] { 0x82, 0x30, // EncryptedContent 0x1c, 0x16, // KeyLocator 0x07, 0x14, // Name 0x08, 0x04, 0x74, 0x65, 0x73, 0x74, // 'test' 0x08, 0x03, 0x6b, 0x65, 0x79, // 'key' 0x08, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, // 'locator' 0x83, 0x01, // EncryptedAlgorithm 0x00, 0x1f, 0x0a, // InitialVector (0x84, 0x0a) 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73, 0x84, 0x07, // EncryptedPayload 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74 }), false); try { encryptedContent.wireDecode(errorBlob4); Assert.Fail("wireDecode did not throw an exception"); } catch (EncodingException ex_5) { } catch (Exception ex_6) { Assert.Fail("wireDecode did not throw EncodingException"); } Blob errorBlob5 = new Blob(toBuffer(new int[] { 0x82, 0x30, // EncryptedContent 0x1c, 0x16, // KeyLocator 0x07, 0x14, // Name 0x08, 0x04, 0x74, 0x65, 0x73, 0x74, // 'test' 0x08, 0x03, 0x6b, 0x65, 0x79, // 'key' 0x08, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, // 'locator' 0x83, 0x01, // EncryptedAlgorithm 0x00, 0x85, 0x0a, // InitialVector 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73, 0x21, 0x07, // EncryptedPayload (0x85, 0x07) 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74 }), false); try { encryptedContent.wireDecode(errorBlob5); Assert.Fail("wireDecode did not throw an exception"); } catch (EncodingException ex_7) { } catch (Exception ex_8) { Assert.Fail("wireDecode did not throw EncodingException"); } Blob errorBlob6 = new Blob(toBuffer(new int[] { 0x82, 0x00 // Empty EncryptedContent }), false); try { encryptedContent.wireDecode(errorBlob6); Assert.Fail("wireDecode did not throw an exception"); } catch (EncodingException ex_9) { } catch (Exception ex_10) { Assert.Fail("wireDecode did not throw EncodingException"); } }
/// <summary> /// Encrypt the payload using the symmetric key according to params, and return /// an EncryptedContent. /// </summary> /// /// <param name="payload">The data to encrypt.</param> /// <param name="key">The key value.</param> /// <param name="keyName">The key name for the EncryptedContent key locator.</param> /// <param name="params">The parameters for encryption.</param> /// <returns>A new EncryptedContent.</returns> private static EncryptedContent encryptSymmetric(Blob payload, Blob key, Name keyName, EncryptParams paras) { EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); Blob initialVector = paras.getInitialVector(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) { if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) { if (initialVector.size() != net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE) throw new Exception("incorrect initial vector size"); } Blob encryptedPayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(key, payload, paras); EncryptedContent result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); result.setInitialVector(initialVector); return result; } else throw new Exception("Unsupported encryption method"); }
public void testConstructor() { // Check default settings. EncryptedContent content = new EncryptedContent(); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.NONE, content.getAlgorithmType()); Assert.AssertEquals(true, content.getPayload().isNull()); Assert.AssertEquals(true, content.getInitialVector().isNull()); Assert.AssertEquals(net.named_data.jndn.KeyLocatorType.NONE, content.getKeyLocator().getType()); // Check an encrypted content with IV. KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.getKeyName().set("/test/key/locator"); EncryptedContent rsaOaepContent = new EncryptedContent(); rsaOaepContent.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) .setKeyLocator(keyLocator).setPayload(new Blob(message, false)) .setInitialVector(new Blob(iv, false)); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, rsaOaepContent.getAlgorithmType()); Assert.AssertTrue(rsaOaepContent.getPayload().equals(new Blob(message, false))); Assert.AssertTrue(rsaOaepContent.getInitialVector() .equals(new Blob(iv, false))); Assert.AssertTrue(rsaOaepContent.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(rsaOaepContent.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); // Encoding. Blob encryptedBlob = new Blob(encrypted, false); Blob encoded = rsaOaepContent.wireEncode(); Assert.AssertTrue(encryptedBlob.equals(encoded)); // Decoding. EncryptedContent rsaOaepContent2 = new EncryptedContent(); rsaOaepContent2.wireDecode(encryptedBlob); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, rsaOaepContent2.getAlgorithmType()); Assert.AssertTrue(rsaOaepContent2.getPayload() .equals(new Blob(message, false))); Assert.AssertTrue(rsaOaepContent2.getInitialVector().equals( new Blob(iv, false))); Assert.AssertTrue(rsaOaepContent2.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(rsaOaepContent2.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); // Check the no IV case. EncryptedContent rsaOaepContentNoIv = new EncryptedContent(); rsaOaepContentNoIv.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) .setKeyLocator(keyLocator).setPayload(new Blob(message, false)); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, rsaOaepContentNoIv.getAlgorithmType()); Assert.AssertTrue(rsaOaepContentNoIv.getPayload().equals( new Blob(message, false))); Assert.AssertTrue(rsaOaepContentNoIv.getInitialVector().isNull()); Assert.AssertTrue(rsaOaepContentNoIv.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(rsaOaepContentNoIv.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); // Encoding. Blob encryptedBlob2 = new Blob(encryptedNoIv, false); Blob encodedNoIV = rsaOaepContentNoIv.wireEncode(); Assert.AssertTrue(encryptedBlob2.equals(encodedNoIV)); // Decoding. EncryptedContent rsaOaepContentNoIv2 = new EncryptedContent(); rsaOaepContentNoIv2.wireDecode(encryptedBlob2); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, rsaOaepContentNoIv2.getAlgorithmType()); Assert.AssertTrue(rsaOaepContentNoIv2.getPayload().equals( new Blob(message, false))); Assert.AssertTrue(rsaOaepContentNoIv2.getInitialVector().isNull()); Assert.AssertTrue(rsaOaepContentNoIv2.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(rsaOaepContentNoIv2.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); }
/// <summary> /// Decode input as an EncryptedContent and set the fields of the /// encryptedContent object. Your derived class should override. /// </summary> /// /// <param name="encryptedContent"></param> /// <param name="input"></param> /// <param name="copy">unchanged while the Blob values are used.</param> /// <exception cref="EncodingException">For invalid encoding.</exception> /// <exception cref="System.NotSupportedException">for unimplemented if the derivedclass does not override.</exception> public virtual void decodeEncryptedContent(EncryptedContent encryptedContent, ByteBuffer input, bool copy) { throw new NotSupportedException( "decodeEncryptedContent is not implemented"); }
/// <summary> /// Encrypt the payload using the asymmetric key according to params, and /// return an EncryptedContent. /// </summary> /// /// <param name="payload"></param> /// <param name="key">The key value.</param> /// <param name="keyName">The key name for the EncryptedContent key locator.</param> /// <param name="params">The parameters for encryption.</param> /// <returns>A new EncryptedContent.</returns> private static EncryptedContent encryptAsymmetric(Blob payload, Blob key, Name keyName, EncryptParams paras) { EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { Blob encryptedPayload = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(key, payload, paras); EncryptedContent result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); return result; } else throw new Exception("Unsupported encryption method"); }
/// <summary> /// Decrypt dKeyData. /// </summary> /// /// <param name="dKeyData">The D-KEY data packet.</param> /// <param name="onPlainText_0"></param> /// <param name="onError_1">This calls onError.onError(errorCode, message) for an error.</param> internal void decryptDKey(Data dKeyData, Consumer.OnPlainText onPlainText_0, net.named_data.jndn.encrypt.EncryptError.OnError onError_1) { // Get the encrypted content. Blob dataContent = dKeyData.getContent(); // Process the nonce. // dataContent is a sequence of the two EncryptedContent. EncryptedContent encryptedNonce = new EncryptedContent(); try { encryptedNonce.wireDecode(dataContent); } catch (EncodingException ex) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, ex.Message); } catch (Exception exception) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception); } return; } Name consumerKeyName = encryptedNonce.getKeyLocator().getKeyName(); // Get consumer decryption key. Blob consumerKeyBlob; try { consumerKeyBlob = getDecryptionKey(consumerKeyName); } catch (ConsumerDb.Error ex_2) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.NoDecryptKey, "Database error: " + ex_2.Message); } catch (Exception exception_3) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception_3); } return; } if (consumerKeyBlob.size() == 0) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.NoDecryptKey, "The desired consumer decryption key in not in the database"); } catch (Exception exception_4) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception_4); } return; } // Process the D-KEY. // Use the size of encryptedNonce to find the start of encryptedPayload. ByteBuffer encryptedPayloadBuffer = dataContent.buf().duplicate(); encryptedPayloadBuffer.position(encryptedNonce.wireEncode().size()); Blob encryptedPayloadBlob_5 = new Blob(encryptedPayloadBuffer, false); if (encryptedPayloadBlob_5.size() == 0) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, "The data packet does not satisfy the D-KEY packet format"); } catch (Exception ex_6) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", ex_6); } return; } // Decrypt the D-KEY. Consumer.OnPlainText callerOnPlainText_7 = onPlainText_0; decrypt(encryptedNonce, consumerKeyBlob, new Consumer.Anonymous_C3(callerOnPlainText_7, onError_1, encryptedPayloadBlob_5), onError_1); }
public Anonymous_C2(Consumer paramouter_Consumer, net.named_data.jndn.encrypt.EncryptError.OnError onError_0, Consumer.OnPlainText onPlainText_1, Name dKeyName_2, EncryptedContent cKeyEncryptedContent_3) { this.onError = onError_0; this.onPlainText = onPlainText_1; this.dKeyName = dKeyName_2; this.cKeyEncryptedContent = cKeyEncryptedContent_3; this.outer_Consumer = paramouter_Consumer; }
/// <summary> /// Encode the EncryptedContent in NDN-TLV and return the encoding. /// </summary> /// /// <param name="encryptedContent">The EncryptedContent object to encode.</param> /// <returns>A Blob containing the encoding.</returns> public override Blob encodeEncryptedContent(EncryptedContent encryptedContent) { TlvEncoder encoder = new TlvEncoder(256); int saveLength = encoder.getLength(); // Encode backwards. encoder.writeBlobTlv(net.named_data.jndn.encoding.tlv.Tlv.Encrypt_EncryptedPayload, encryptedContent .getPayload().buf()); encoder.writeOptionalBlobTlv(net.named_data.jndn.encoding.tlv.Tlv.Encrypt_InitialVector, encryptedContent.getInitialVector().buf()); // Assume the algorithmType value is the same as the TLV type. encoder.writeNonNegativeIntegerTlv(net.named_data.jndn.encoding.tlv.Tlv.Encrypt_EncryptionAlgorithm, encryptedContent.getAlgorithmType().getNumericType()); Tlv0_2WireFormat.encodeKeyLocator(net.named_data.jndn.encoding.tlv.Tlv.KeyLocator, encryptedContent.getKeyLocator(), encoder); encoder.writeTypeAndLength(net.named_data.jndn.encoding.tlv.Tlv.Encrypt_EncryptedContent, encoder.getLength() - saveLength); return new Blob(encoder.getOutput(), false); }
public void testContentAsymmetricEncryptSmall() { /* foreach */ foreach (TestEncryptor.AsymmetricEncryptInput input in encryptorRsaTestInputs) { Blob rawContent = new Blob(toBuffer(new int[] { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73 }), false); Data data = new Data(); RsaKeyParams rsaParams = new RsaKeyParams(1024); Name keyName = new Name("test"); DecryptKey decryptKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm.generateKey(rsaParams); EncryptKey encryptKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm.deriveEncryptKey(decryptKey .getKeyBits()); Blob eKey = encryptKey.getKeyBits(); Blob dKey = decryptKey.getKeyBits(); EncryptParams encryptParams = new EncryptParams(input.type()); net.named_data.jndn.encrypt.algo.Encryptor.encryptData(data, rawContent, keyName, eKey, encryptParams); Assert.AssertEquals(input.testName(), new Name("/FOR").append(keyName), data.getName()); EncryptedContent extractContent = new EncryptedContent(); extractContent.wireDecode(data.getContent()); Assert.AssertEquals(input.testName(), keyName, extractContent .getKeyLocator().getKeyName()); Assert.AssertEquals(input.testName(), 0, extractContent.getInitialVector() .size()); Assert.AssertEquals(input.testName(), input.type(), extractContent.getAlgorithmType()); Blob recovered = extractContent.getPayload(); Blob decrypted = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(dKey, recovered, encryptParams); Assert.AssertTrue(input.testName(), rawContent.equals(decrypted)); } }
/// <summary> /// Decode input as a EncryptedContent in NDN-TLV and set the fields of the /// encryptedContent object. /// </summary> /// /// <param name="encryptedContent"></param> /// <param name="input"></param> /// <param name="copy">unchanged while the Blob values are used.</param> /// <exception cref="EncodingException">For invalid encoding</exception> public override void decodeEncryptedContent(EncryptedContent encryptedContent, ByteBuffer input, bool copy) { TlvDecoder decoder = new TlvDecoder(input); int endOffset = decoder .readNestedTlvsStart(net.named_data.jndn.encoding.tlv.Tlv.Encrypt_EncryptedContent); Tlv0_2WireFormat.decodeKeyLocator(net.named_data.jndn.encoding.tlv.Tlv.KeyLocator, encryptedContent.getKeyLocator(), decoder, copy); int algorithmType = (int) decoder .readNonNegativeIntegerTlv(net.named_data.jndn.encoding.tlv.Tlv.Encrypt_EncryptionAlgorithm); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb.getNumericType()) encryptedContent.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb); else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc.getNumericType()) encryptedContent.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc); else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs.getNumericType()) encryptedContent.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs); else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep.getNumericType()) encryptedContent.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep); else throw new EncodingException( "Unrecognized EncryptionAlgorithm code " + algorithmType); encryptedContent.setInitialVector(new Blob(decoder.readOptionalBlobTlv( net.named_data.jndn.encoding.tlv.Tlv.Encrypt_InitialVector, endOffset), copy)); encryptedContent.setPayload(new Blob(decoder .readBlobTlv(net.named_data.jndn.encoding.tlv.Tlv.Encrypt_EncryptedPayload), copy)); decoder.finishNestedTlvs(endOffset); }
/// <summary> /// Decrypt encryptedContent using keyBits. /// </summary> /// /// <param name="encryptedContent">The EncryptedContent to decrypt.</param> /// <param name="keyBits">The key value.</param> /// <param name="onPlainText_0"></param> /// <param name="onError_1">This calls onError.onError(errorCode, message) for an error.</param> internal static void decrypt(EncryptedContent encryptedContent, Blob keyBits, Consumer.OnPlainText onPlainText_0, net.named_data.jndn.encrypt.EncryptError.OnError onError_1) { Blob payload = encryptedContent.getPayload(); if (encryptedContent.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) { // Prepare the parameters. EncryptParams decryptParams = new EncryptParams( net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc); decryptParams.setInitialVector(encryptedContent.getInitialVector()); // Decrypt the content. Blob content; try { content = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(keyBits, payload, decryptParams); } catch (Exception ex) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, ex.Message); } catch (Exception exception) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception); } return; } try { onPlainText_0.onPlainText(content); } catch (Exception ex_2) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onPlainText", ex_2); } } else if (encryptedContent.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { // Prepare the parameters. EncryptParams decryptParams_3 = new EncryptParams( net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep); // Decrypt the content. Blob content_4; try { content_4 = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(keyBits, payload, decryptParams_3); } catch (Exception ex_5) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, ex_5.Message); } catch (Exception exception_6) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception_6); } return; } try { onPlainText_0.onPlainText(content_4); } catch (Exception ex_7) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onPlainText", ex_7); } } else { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.UnsupportedEncryptionScheme, encryptedContent.getAlgorithmType().toString()); } catch (Exception ex_8) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", ex_8); } } }
/// <summary> /// Decrypt cKeyData. /// </summary> /// /// <param name="cKeyData">The C-KEY data packet.</param> /// <param name="onPlainText_0"></param> /// <param name="onError_1">This calls onError.onError(errorCode, message) for an error.</param> internal void decryptCKey(Data cKeyData, Consumer.OnPlainText onPlainText_0, net.named_data.jndn.encrypt.EncryptError.OnError onError_1) { // Get the encrypted content. Blob cKeyContent = cKeyData.getContent(); EncryptedContent cKeyEncryptedContent_2 = new EncryptedContent(); try { cKeyEncryptedContent_2.wireDecode(cKeyContent); } catch (EncodingException ex) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, ex.Message); } catch (Exception exception) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception); } return; } Name eKeyName = cKeyEncryptedContent_2.getKeyLocator().getKeyName(); Name dKeyName_3 = eKeyName.getPrefix(-3); dKeyName_3.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_D_KEY).append( eKeyName.getSubName(-2)); // Check if the decryption key is already in the store. Blob dKey = (Blob) ILOG.J2CsMapping.Collections.Collections.Get(dKeyMap_,dKeyName_3); if (dKey != null) decrypt(cKeyEncryptedContent_2, dKey, onPlainText_0, onError_1); else { // Get the D-Key Data. Name interestName = new Name(dKeyName_3); interestName.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_FOR).append( consumerName_); Interest interest_4 = new Interest(interestName); // Prepare the callback functions. OnData onData_5 = new Consumer.Anonymous_C2 (this, onError_1, onPlainText_0, dKeyName_3, cKeyEncryptedContent_2); OnTimeout onTimeout = new Consumer.Anonymous_C1 (this, interest_4, onData_5, onError_1); // Express the Interest. try { face_.expressInterest(interest_4, onData_5, onTimeout); } catch (IOException ex_6) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.IOException, "expressInterest error: " + ex_6.Message); } catch (Exception exception_7) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception_7); } } } }
/// <summary> /// Decrypt encryptedContent using keyBits. /// </summary> /// /// <param name="encryptedContent">The EncryptedContent to decrypt.</param> /// <param name="keyBits">The key value.</param> /// <param name="onPlainText_0"></param> /// <param name="onError_1">This calls onError.onError(errorCode, message) for an error.</param> static internal void decrypt(EncryptedContent encryptedContent, Blob keyBits, Consumer.OnPlainText onPlainText_0, net.named_data.jndn.encrypt.EncryptError.OnError onError_1) { Blob payload = encryptedContent.getPayload(); if (encryptedContent.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) { // Prepare the parameters. EncryptParams decryptParams = new EncryptParams( net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc); decryptParams.setInitialVector(encryptedContent.getInitialVector()); // Decrypt the content. Blob content; try { content = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(keyBits, payload, decryptParams); } catch (Exception ex) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, ex.Message); } catch (Exception exception) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception); } return; } try { onPlainText_0.onPlainText(content); } catch (Exception ex_2) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onPlainText", ex_2); } } else if (encryptedContent.getAlgorithmType() == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { // Prepare the parameters. EncryptParams decryptParams_3 = new EncryptParams( net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep); // Decrypt the content. Blob content_4; try { content_4 = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(keyBits, payload, decryptParams_3); } catch (Exception ex_5) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, ex_5.Message); } catch (Exception exception_6) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception_6); } return; } try { onPlainText_0.onPlainText(content_4); } catch (Exception ex_7) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onPlainText", ex_7); } } else { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.UnsupportedEncryptionScheme, "" + encryptedContent.getAlgorithmType()); } catch (Exception ex_8) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", ex_8); } } }
/// <summary> /// Decrypt dKeyData. /// </summary> /// /// <param name="dKeyData">The D-KEY data packet.</param> /// <param name="onPlainText_0"></param> /// <param name="onError_1">This calls onError.onError(errorCode, message) for an error.</param> internal void decryptDKey(Data dKeyData, Consumer.OnPlainText onPlainText_0, net.named_data.jndn.encrypt.EncryptError.OnError onError_1) { // Get the encrypted content. Blob dataContent = dKeyData.getContent(); // Process the nonce. // dataContent is a sequence of the two EncryptedContent. EncryptedContent encryptedNonce = new EncryptedContent(); try { encryptedNonce.wireDecode(dataContent); } catch (EncodingException ex) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, ex.Message); } catch (Exception exception) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception); } return; } Name consumerKeyName = encryptedNonce.getKeyLocator().getKeyName(); // Get consumer decryption key. Blob consumerKeyBlob; try { consumerKeyBlob = getDecryptionKey(consumerKeyName); } catch (ConsumerDb.Error ex_2) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.NoDecryptKey, "Database error: " + ex_2.Message); } catch (Exception exception_3) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception_3); } return; } if (consumerKeyBlob.size() == 0) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.NoDecryptKey, "The desired consumer decryption key in not in the database"); } catch (Exception exception_4) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception_4); } return; } // Process the D-KEY. // Use the size of encryptedNonce to find the start of encryptedPayload. ByteBuffer encryptedPayloadBuffer = dataContent.buf().duplicate(); encryptedPayloadBuffer.position(encryptedNonce.wireEncode().size()); Blob encryptedPayloadBlob_5 = new Blob(encryptedPayloadBuffer, false); if (encryptedPayloadBlob_5.size() == 0) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, "The data packet does not satisfy the D-KEY packet format"); } catch (Exception ex_6) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", ex_6); } return; } // Decrypt the D-KEY. Consumer.OnPlainText callerOnPlainText_7 = onPlainText_0; decrypt(encryptedNonce, consumerKeyBlob, new Consumer.Anonymous_C0 (callerOnPlainText_7, encryptedPayloadBlob_5, onError_1), onError_1); }
public void testContentSymmetricEncrypt() { /* foreach */ foreach (TestEncryptor.SymmetricEncryptInput input in encryptorAesTestInputs) { Data data = new Data(); net.named_data.jndn.encrypt.algo.Encryptor.encryptData(data, input.plainText(), input.keyName(), input.key(), input.encryptParams()); Assert.AssertEquals(input.testName(), new Name("/FOR").append(input.keyName()), data.getName()); Assert.AssertTrue(input.testName(), input.encryptedContent().equals(data.getContent())); EncryptedContent content = new EncryptedContent(); content.wireDecode(data.getContent()); Blob decryptedOutput = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(input.key(), content.getPayload(), input.encryptParams()); Assert.AssertTrue(input.testName(), input.plainText().equals(decryptedOutput)); } }
/// <summary> /// Decrypt the data packet. /// </summary> /// /// <param name="data">The data packet. This does not verify the packet.</param> /// <param name="onPlainText_0"></param> /// <param name="onError_1">This calls onError.onError(errorCode, message) for an error.</param> internal void decryptContent(Data data, Consumer.OnPlainText onPlainText_0, net.named_data.jndn.encrypt.EncryptError.OnError onError_1) { // Get the encrypted content. EncryptedContent dataEncryptedContent_2 = new EncryptedContent(); try { dataEncryptedContent_2.wireDecode(data.getContent()); } catch (EncodingException ex) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.InvalidEncryptedFormat, ex.Message); } catch (Exception exception) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception); } return; } Name cKeyName_3 = dataEncryptedContent_2.getKeyLocator().getKeyName(); // Check if the content key is already in the store. Blob cKey = (Blob) ILOG.J2CsMapping.Collections.Collections.Get(cKeyMap_,cKeyName_3); if (cKey != null) decrypt(dataEncryptedContent_2, cKey, onPlainText_0, onError_1); else { // Retrieve the C-KEY Data from the network. Name interestName = new Name(cKeyName_3); interestName.append(net.named_data.jndn.encrypt.algo.Encryptor.NAME_COMPONENT_FOR) .append(groupName_); Interest interest_4 = new Interest(interestName); // Prepare the callback functions. OnData onData_5 = new Consumer.Anonymous_C4 (this, cKeyName_3, onError_1, onPlainText_0, dataEncryptedContent_2); OnTimeout onTimeout = new Consumer.Anonymous_C3 (this, onData_5, onError_1, interest_4); // Express the Interest. try { face_.expressInterest(interest_4, onData_5, onTimeout); } catch (IOException ex_6) { try { onError_1.onError(net.named_data.jndn.encrypt.EncryptError.ErrorCode.IOException, "expressInterest error: " + ex_6.Message); } catch (Exception exception_7) { logger_.log(ILOG.J2CsMapping.Util.Logging.Level.SEVERE, "Error in onError", exception_7); } } } }
public void testContentAsymmetricEncryptLarge() { /* foreach */ foreach (TestEncryptor.AsymmetricEncryptInput input in encryptorRsaTestInputs) { Blob largeContent = new Blob(toBuffer(new int[] { 0x73, 0x5a, 0xbd, 0x47, 0x0c, 0xfe, 0xf8, 0x7d, 0x2e, 0x17, 0xaa, 0x11, 0x6f, 0x23, 0xc5, 0x10, 0x23, 0x36, 0x88, 0xc4, 0x2a, 0x0f, 0x9a, 0x72, 0x54, 0x31, 0xa8, 0xb3, 0x51, 0x18, 0x9f, 0x0e, 0x1b, 0x93, 0x62, 0xd9, 0xc4, 0xf5, 0xf4, 0x3d, 0x61, 0x9a, 0xca, 0x05, 0x65, 0x6b, 0xc6, 0x41, 0xf9, 0xd5, 0x1c, 0x67, 0xc1, 0xd0, 0xd5, 0x6f, 0x7b, 0x70, 0xb8, 0x8f, 0xdb, 0x19, 0x68, 0x7c, 0xe0, 0x2d, 0x04, 0x49, 0xa9, 0xa2, 0x77, 0x4e, 0xfc, 0x60, 0x0d, 0x7c, 0x1b, 0x93, 0x6c, 0xd2, 0x61, 0xc4, 0x6b, 0x01, 0xe9, 0x12, 0x28, 0x6d, 0xf5, 0x78, 0xe9, 0x99, 0x0b, 0x9c, 0x4f, 0x90, 0x34, 0x3e, 0x06, 0x92, 0x57, 0xe3, 0x7a, 0x8f, 0x13, 0xc7, 0xf3, 0xfe, 0xf0, 0xe2, 0x59, 0x48, 0x15, 0xb9, 0xdb, 0x77, 0x07, 0x1d, 0x6d, 0xb5, 0x65, 0x17, 0xdf, 0x76, 0x6f, 0xb5, 0x43, 0xde, 0x71, 0xac, 0xf1, 0x22, 0xbf, 0xb2, 0xe5, 0xd9, 0x22, 0xf1, 0x67, 0x76, 0x71, 0x0c, 0xff, 0x99, 0x7b, 0x94, 0x9b, 0x24, 0x20, 0x80, 0xe3, 0xcc, 0x06, 0x4a, 0xed, 0xdf, 0xec, 0x50, 0xd5, 0x87, 0x3d, 0xa0, 0x7d, 0x9c, 0xe5, 0x13, 0x10, 0x98, 0x14, 0xc3, 0x90, 0x10, 0xd9, 0x25, 0x9a, 0x59, 0xe9, 0x37, 0x26, 0xfd, 0x87, 0xd7, 0xf4, 0xf9, 0x11, 0x91, 0xad, 0x5c, 0x00, 0x95, 0xf5, 0x2b, 0x37, 0xf7, 0x4e, 0xb4, 0x4b, 0x42, 0x7c, 0xb3, 0xad, 0xd6, 0x33, 0x5f, 0x0b, 0x84, 0x57, 0x7f, 0xa7, 0x07, 0x73, 0x37, 0x4b, 0xab, 0x2e, 0xfb, 0xfe, 0x1e, 0xcb, 0xb6, 0x4a, 0xc1, 0x21, 0x5f, 0xec, 0x92, 0xb7, 0xac, 0x97, 0x75, 0x20, 0xc9, 0xd8, 0x9e, 0x93, 0xd5, 0x12, 0x7a, 0x64, 0xb9, 0x4c, 0xed, 0x49, 0x87, 0x44, 0x5b, 0x4f, 0x90, 0x34, 0x3e, 0x06, 0x92, 0x57, 0xe3, 0x7a, 0x8f, 0x13, 0xc7, 0xf3, 0xfe, 0xf0, 0xe2, 0x59, 0x48, 0x15, 0xb9, 0xdb, 0x77, 0x07, 0x1d, 0x6d, 0xb5, 0x65, 0x17, 0xdf, 0x76, 0x6f, 0xb5, 0x43, 0xde, 0x71, 0xac, 0xf1, 0x22, 0xbf, 0xb2, 0xe5, 0xd9 }), false); Data data = new Data(); RsaKeyParams rsaParams = new RsaKeyParams(1024); Name keyName = new Name("test"); DecryptKey decryptKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm.generateKey(rsaParams); EncryptKey encryptKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm.deriveEncryptKey(decryptKey .getKeyBits()); Blob eKey = encryptKey.getKeyBits(); Blob dKey = decryptKey.getKeyBits(); EncryptParams encryptParams = new EncryptParams(input.type()); net.named_data.jndn.encrypt.algo.Encryptor.encryptData(data, largeContent, keyName, eKey, encryptParams); Assert.AssertEquals(input.testName(), new Name("/FOR").append(keyName), data.getName()); Blob largeDataContent = data.getContent(); // largeDataContent is a sequence of the two EncryptedContent. EncryptedContent encryptedNonce = new EncryptedContent(); encryptedNonce.wireDecode(largeDataContent); Assert.AssertEquals(input.testName(), keyName, encryptedNonce .getKeyLocator().getKeyName()); Assert.AssertEquals(input.testName(), 0, encryptedNonce.getInitialVector() .size()); Assert.AssertEquals(input.testName(), input.type(), encryptedNonce.getAlgorithmType()); // Use the size of encryptedNonce to find the start of encryptedPayload. ByteBuffer payloadContent = largeDataContent.buf().duplicate(); payloadContent.position(encryptedNonce.wireEncode().size()); EncryptedContent encryptedPayload = new EncryptedContent(); encryptedPayload.wireDecode(payloadContent); Name nonceKeyName = new Name(keyName); nonceKeyName.append("nonce"); Assert.AssertEquals(input.testName(), nonceKeyName, encryptedPayload .getKeyLocator().getKeyName()); Assert.AssertEquals(input.testName(), 16, encryptedPayload .getInitialVector().size()); Assert.AssertEquals(input.testName(), net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc, encryptedPayload.getAlgorithmType()); Assert.AssertTrue(input.testName(), encryptedNonce.wireEncode().size() + encryptedPayload.wireEncode().size() == largeDataContent .size()); Blob blobNonce = encryptedNonce.getPayload(); Blob nonce = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(dKey, blobNonce, encryptParams); encryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc); encryptParams.setInitialVector(encryptedPayload.getInitialVector()); Blob bufferPayload = encryptedPayload.getPayload(); Blob largePayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(nonce, bufferPayload, encryptParams); Assert.AssertTrue(input.testName(), largeContent.equals(largePayload)); } }
/// <summary> /// Decode input as an EncryptedContent and set the fields of the /// encryptedContent object. Copy from the input when making new Blob values. /// Your derived class should override. /// </summary> /// /// <param name="encryptedContent"></param> /// <param name="input"></param> /// <exception cref="EncodingException">For invalid encoding.</exception> /// <exception cref="System.NotSupportedException">for unimplemented if the derivedclass does not override.</exception> public void decodeEncryptedContent(EncryptedContent encryptedContent, ByteBuffer input) { decodeEncryptedContent(encryptedContent, input, true); }
public void testGetGroupKey() { // Create the group manager. GroupManager manager = new GroupManager(new Name("Alice"), new Name( "data_type"), new Sqlite3GroupManagerDb( System.IO.Path.GetFullPath(groupKeyDatabaseFilePath.Name)), 1024, 1, keyChain); setManager(manager); // Get the data list from the group manager. double timePoint1 = net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150825T093000"); IList result = manager.getGroupKey(timePoint1); AssertEquals(4, result.Count); // The first data packet contains the group's encryption key (public key). Data data = (Data) result[0]; AssertEquals( "/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000", data.getName().toUri()); EncryptKey groupEKey = new EncryptKey(data.getContent()); // Get the second data packet and decrypt. data = (Data) result[1]; AssertEquals( "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123", data.getName().toUri()); /////////////////////////////////////////////////////// Start decryption. Blob dataContent = data.getContent(); // Get the nonce key. // dataContent is a sequence of the two EncryptedContent. EncryptedContent encryptedNonce = new EncryptedContent(); encryptedNonce.wireDecode(dataContent); AssertEquals(0, encryptedNonce.getInitialVector().size()); AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, encryptedNonce.getAlgorithmType()); EncryptParams decryptParams = new EncryptParams( net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep); Blob blobNonce = encryptedNonce.getPayload(); Blob nonce = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKeyBlob, blobNonce, decryptParams); // Get the payload. // Use the size of encryptedNonce to find the start of encryptedPayload. ByteBuffer payloadContent = dataContent.buf().duplicate(); payloadContent.position(encryptedNonce.wireEncode().size()); EncryptedContent encryptedPayload = new EncryptedContent(); encryptedPayload.wireDecode(payloadContent); AssertEquals(16, encryptedPayload.getInitialVector().size()); AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc, encryptedPayload.getAlgorithmType()); decryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc); decryptParams.setInitialVector(encryptedPayload.getInitialVector()); Blob blobPayload = encryptedPayload.getPayload(); Blob largePayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(nonce, blobPayload, decryptParams); // Get the group D-KEY. DecryptKey groupDKey = new DecryptKey(largePayload); /////////////////////////////////////////////////////// End decryption. // Check the D-KEY. EncryptKey derivedGroupEKey = net.named_data.jndn.encrypt.algo.RsaAlgorithm.deriveEncryptKey(groupDKey .getKeyBits()); AssertTrue(groupEKey.getKeyBits().equals(derivedGroupEKey.getKeyBits())); // Check the third data packet. data = (Data) result[2]; AssertEquals( "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberB/ksk-123", data.getName().toUri()); // Check the fourth data packet. data = (Data) result[3]; AssertEquals( "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberC/ksk-123", data.getName().toUri()); // Check invalid time stamps for getting the group key. double timePoint2 = net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150826T083000"); AssertEquals(0, manager.getGroupKey(timePoint2).Count); double timePoint3 = net.named_data.jndn.tests.unit_tests.UnitTestsCommon.fromIsoString("20150827T023000"); AssertEquals(0, manager.getGroupKey(timePoint3).Count); }
/// <summary> /// Encode the EncryptedContent and return the encoding. Your derived class /// should override. /// </summary> /// /// <param name="encryptedContent">The EncryptedContent object to encode.</param> /// <returns>A Blob containing the encoding.</returns> /// <exception cref="System.NotSupportedException">for unimplemented if the derivedclass does not override.</exception> public virtual Blob encodeEncryptedContent(EncryptedContent encryptedContent) { throw new NotSupportedException( "encodeEncryptedContent is not implemented"); }
public void testCreateDKeyData() { // Create the group manager. GroupManager manager = new GroupManager(new Name("Alice"), new Name( "data_type"), new Sqlite3GroupManagerDb( System.IO.Path.GetFullPath(dKeyDatabaseFilePath.Name)), 2048, 1, keyChain); Blob newCertificateBlob = certificate.wireEncode(); IdentityCertificate newCertificate = new IdentityCertificate(); newCertificate.wireDecode(newCertificateBlob); // Encrypt the D-KEY. Data data = friendAccess.createDKeyData(manager, "20150825T000000", "20150827T000000", new Name("/ndn/memberA/KEY"), decryptKeyBlob, newCertificate.getPublicKeyInfo().getKeyDer()); // Verify the encrypted D-KEY. Blob dataContent = data.getContent(); // Get the nonce key. // dataContent is a sequence of the two EncryptedContent. EncryptedContent encryptedNonce = new EncryptedContent(); encryptedNonce.wireDecode(dataContent); AssertEquals(0, encryptedNonce.getInitialVector().size()); AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, encryptedNonce.getAlgorithmType()); Blob blobNonce = encryptedNonce.getPayload(); EncryptParams decryptParams = new EncryptParams( net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep); Blob nonce = net.named_data.jndn.encrypt.algo.RsaAlgorithm.decrypt(decryptKeyBlob, blobNonce, decryptParams); // Get the D-KEY. // Use the size of encryptedNonce to find the start of encryptedPayload. ByteBuffer payloadContent = dataContent.buf().duplicate(); payloadContent.position(encryptedNonce.wireEncode().size()); EncryptedContent encryptedPayload = new EncryptedContent(); encryptedPayload.wireDecode(payloadContent); AssertEquals(16, encryptedPayload.getInitialVector().size()); AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc, encryptedPayload.getAlgorithmType()); decryptParams.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc); decryptParams.setInitialVector(encryptedPayload.getInitialVector()); Blob blobPayload = encryptedPayload.getPayload(); Blob largePayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.decrypt(nonce, blobPayload, decryptParams); AssertTrue(largePayload.equals(decryptKeyBlob)); }