/// <summary>
/// Encrypt the payload using the asymmetric key according to params, and
/// return an EncryptedContent.
/// </summary>
///
/// <param name="payload"></param>
/// <param name="key">The key value.</param>
/// <param name="keyName">The key name for the EncryptedContent key locator.</param>
/// <param name="params">The parameters for encryption.</param>
/// <returns>A new EncryptedContent.</returns>
private static EncryptedContent encryptAsymmetric(Blob payload, Blob key,
Name keyName, EncryptParams paras)
{
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(keyName);
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs
|| algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) {
Blob encryptedPayload = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(key, payload, paras);
EncryptedContent result = new EncryptedContent();
result.setAlgorithmType(algorithmType);
result.setKeyLocator(keyLocator);
result.setPayload(encryptedPayload);
return result;
} else
throw new Exception("Unsupported encryption method");
}
/// <summary>
/// Encrypt the payload using the symmetric key according to params, and return
/// an EncryptedContent.
/// </summary>
///
/// <param name="payload">The data to encrypt.</param>
/// <param name="key">The key value.</param>
/// <param name="keyName">The key name for the EncryptedContent key locator.</param>
/// <param name="params">The parameters for encryption.</param>
/// <returns>A new EncryptedContent.</returns>
private static EncryptedContent encryptSymmetric(Blob payload, Blob key,
Name keyName, EncryptParams paras)
{
EncryptAlgorithmType algorithmType = paras.getAlgorithmType();
Blob initialVector = paras.getInitialVector();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(keyName);
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc
|| algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) {
if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) {
if (initialVector.size() != net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE)
throw new Exception("incorrect initial vector size");
}
Blob encryptedPayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(key, payload, paras);
EncryptedContent result = new EncryptedContent();
result.setAlgorithmType(algorithmType);
result.setKeyLocator(keyLocator);
result.setPayload(encryptedPayload);
result.setInitialVector(initialVector);
return result;
} else
throw new Exception("Unsupported encryption method");
}
/**
* Loop to encode a data packet nIterations times.
* @param nIterations The number of iterations.
* @param useComplex If true, use a large name, large content and all fields.
* If false, use a small name, small content
* and only required fields.
* @param useCrypto If true, sign the data packet. If false, use a blank
* signature.
* @param keyType KeyType.RSA or EC, used if useCrypto is true.
* @param encoding Set encoding[0] to the wire encoding.
* @return The number of seconds for all iterations.
*/
private static double benchmarkEncodeDataSeconds(int nIterations, bool useComplex, bool useCrypto, KeyType keyType,
Blob[] encoding)
{
Name name;
Blob content;
if (useComplex) {
// Use a large name and content.
name = new Name
("/ndn/ucla.edu/apps/lwndn-test/numbers.txt/%FD%05%05%E8%0C%CE%1D/%00");
StringBuilder contentStream = new StringBuilder();
int count = 1;
contentStream.append(count++);
while (contentStream.toString().Length < 1115)
contentStream.append(" ").append(count++);
content = new Blob(contentStream.toString());
}
else {
// Use a small name and content.
name = new Name("/test");
content = new Blob("abc");
}
Name.Component finalBlockId =
new Name.Component(new Blob(new byte[] { (byte)0 }));
// Initialize the KeyChain storage in case useCrypto is true.
MemoryIdentityStorage identityStorage = new MemoryIdentityStorage();
MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage();
KeyChain keyChain = new KeyChain
(new IdentityManager(identityStorage, privateKeyStorage),
new SelfVerifyPolicyManager(identityStorage));
Name keyName = new Name("/testname/DSK-123");
Name certificateName = keyName.getSubName(0, keyName.size() - 1).append
("KEY").append(keyName.get(-1)).append("ID-CERT").append("0");
privateKeyStorage.setKeyPairForKeyName
(keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER),
new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER));
Blob signatureBits = new Blob(new byte[256]);
Blob emptyBlob = new Blob(new byte[0]);
double start = getNowSeconds();
for (int i = 0; i < nIterations; ++i) {
Data data = new Data(name);
data.setContent(content);
if (useComplex) {
data.getMetaInfo().setFreshnessPeriod(30000);
data.getMetaInfo().setFinalBlockId(finalBlockId);
}
if (useCrypto)
// This sets the signature fields.
keyChain.sign(data, certificateName);
else {
// Imitate IdentityManager.signByCertificate to set up the signature
// fields, but don't sign.
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(KeyLocatorType.KEYNAME);
keyLocator.setKeyName(certificateName);
Sha256WithRsaSignature sha256Signature =
(Sha256WithRsaSignature)data.getSignature();
sha256Signature.setKeyLocator(keyLocator);
sha256Signature.setSignature(signatureBits);
}
encoding[0] = data.wireEncode();
}
double finish = getNowSeconds();
return finish - start;
}
/// <summary>
/// Create an identity certificate for a public key supplied by the caller.
/// </summary>
///
/// <param name="certificatePrefix">The name of public key to be signed.</param>
/// <param name="publicKey">The public key to be signed.</param>
/// <param name="signerCertificateName">The name of signing certificate.</param>
/// <param name="notBefore">The notBefore value in the validity field of the generated certificate.</param>
/// <param name="notAfter">The notAfter vallue in validity field of the generated certificate.</param>
/// <returns>The generated identity certificate.</returns>
public IdentityCertificate createIdentityCertificate(
Name certificatePrefix, PublicKey publicKey,
Name signerCertificateName, double notBefore, double notAfter)
{
IdentityCertificate certificate = new IdentityCertificate();
Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
Name certificateName = new Name(certificatePrefix);
certificateName.append("ID-CERT").appendVersion(
(long) net.named_data.jndn.util.Common.getNowMilliseconds());
certificate.setName(certificateName);
certificate.setNotBefore(notBefore);
certificate.setNotAfter(notAfter);
certificate.setPublicKeyInfo(publicKey);
certificate.addSubjectDescription(new CertificateSubjectDescription(
"2.5.4.41", keyName.toUri()));
try {
certificate.encode();
} catch (DerEncodingException ex) {
throw new SecurityException("DerDecodingException: " + ex);
} catch (DerDecodingException ex_0) {
throw new SecurityException("DerEncodingException: " + ex_0);
}
Sha256WithRsaSignature sha256Sig = new Sha256WithRsaSignature();
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.setKeyName(signerCertificateName);
sha256Sig.setKeyLocator(keyLocator);
certificate.setSignature(sha256Sig);
SignedBlob unsignedData = certificate.wireEncode();
IdentityCertificate signerCertificate;
try {
signerCertificate = getCertificate(signerCertificateName);
} catch (DerDecodingException ex_1) {
throw new SecurityException("DerDecodingException: " + ex_1);
}
Name signerkeyName = signerCertificate.getPublicKeyName();
Blob sigBits = privateKeyStorage_.sign(unsignedData.signedBuf(),
signerkeyName);
sha256Sig.setSignature(sigBits);
return certificate;
}
private static void decodeKeyLocator(int expectedType,
KeyLocator keyLocator, TlvDecoder decoder, bool copy)
{
int endOffset = decoder.readNestedTlvsStart(expectedType);
keyLocator.clear();
if (decoder.getOffset() == endOffset)
// The KeyLocator is omitted, so leave the fields as none.
return;
if (decoder.peekType(net.named_data.jndn.encoding.tlv.Tlv.Name, endOffset)) {
// KeyLocator is a Name.
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
decodeName(keyLocator.getKeyName(), new int[1], new int[1],
decoder, copy);
} else if (decoder.peekType(net.named_data.jndn.encoding.tlv.Tlv.KeyLocatorDigest, endOffset)) {
// KeyLocator is a KeyLocatorDigest.
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEY_LOCATOR_DIGEST);
keyLocator.setKeyData(new Blob(decoder
.readBlobTlv(net.named_data.jndn.encoding.tlv.Tlv.KeyLocatorDigest), copy));
} else
throw new EncodingException(
"decodeKeyLocator: Unrecognized key locator type");
decoder.finishNestedTlvs(endOffset);
}
public void testConstructor()
{
// Check default settings.
EncryptedContent content = new EncryptedContent();
Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.NONE, content.getAlgorithmType());
Assert.AssertEquals(true, content.getPayload().isNull());
Assert.AssertEquals(true, content.getInitialVector().isNull());
Assert.AssertEquals(net.named_data.jndn.KeyLocatorType.NONE, content.getKeyLocator().getType());
// Check an encrypted content with IV.
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.getKeyName().set("/test/key/locator");
EncryptedContent rsaOaepContent = new EncryptedContent();
rsaOaepContent.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
.setKeyLocator(keyLocator).setPayload(new Blob(message, false))
.setInitialVector(new Blob(iv, false));
Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep,
rsaOaepContent.getAlgorithmType());
Assert.AssertTrue(rsaOaepContent.getPayload().equals(new Blob(message, false)));
Assert.AssertTrue(rsaOaepContent.getInitialVector()
.equals(new Blob(iv, false)));
Assert.AssertTrue(rsaOaepContent.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE);
Assert.AssertTrue(rsaOaepContent.getKeyLocator().getKeyName()
.equals(new Name("/test/key/locator")));
// Encoding.
Blob encryptedBlob = new Blob(encrypted, false);
Blob encoded = rsaOaepContent.wireEncode();
Assert.AssertTrue(encryptedBlob.equals(encoded));
// Decoding.
EncryptedContent rsaOaepContent2 = new EncryptedContent();
rsaOaepContent2.wireDecode(encryptedBlob);
Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep,
rsaOaepContent2.getAlgorithmType());
Assert.AssertTrue(rsaOaepContent2.getPayload()
.equals(new Blob(message, false)));
Assert.AssertTrue(rsaOaepContent2.getInitialVector().equals(
new Blob(iv, false)));
Assert.AssertTrue(rsaOaepContent2.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE);
Assert.AssertTrue(rsaOaepContent2.getKeyLocator().getKeyName()
.equals(new Name("/test/key/locator")));
// Check the no IV case.
EncryptedContent rsaOaepContentNoIv = new EncryptedContent();
rsaOaepContentNoIv.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep)
.setKeyLocator(keyLocator).setPayload(new Blob(message, false));
Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep,
rsaOaepContentNoIv.getAlgorithmType());
Assert.AssertTrue(rsaOaepContentNoIv.getPayload().equals(
new Blob(message, false)));
Assert.AssertTrue(rsaOaepContentNoIv.getInitialVector().isNull());
Assert.AssertTrue(rsaOaepContentNoIv.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE);
Assert.AssertTrue(rsaOaepContentNoIv.getKeyLocator().getKeyName()
.equals(new Name("/test/key/locator")));
// Encoding.
Blob encryptedBlob2 = new Blob(encryptedNoIv, false);
Blob encodedNoIV = rsaOaepContentNoIv.wireEncode();
Assert.AssertTrue(encryptedBlob2.equals(encodedNoIV));
// Decoding.
EncryptedContent rsaOaepContentNoIv2 = new EncryptedContent();
rsaOaepContentNoIv2.wireDecode(encryptedBlob2);
Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep,
rsaOaepContentNoIv2.getAlgorithmType());
Assert.AssertTrue(rsaOaepContentNoIv2.getPayload().equals(
new Blob(message, false)));
Assert.AssertTrue(rsaOaepContentNoIv2.getInitialVector().isNull());
Assert.AssertTrue(rsaOaepContentNoIv2.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE);
Assert.AssertTrue(rsaOaepContentNoIv2.getKeyLocator().getKeyName()
.equals(new Name("/test/key/locator")));
}
public void testSetterGetter()
{
EncryptedContent content = new EncryptedContent();
Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.NONE, content.getAlgorithmType());
Assert.AssertEquals(true, content.getPayload().isNull());
Assert.AssertEquals(true, content.getInitialVector().isNull());
Assert.AssertEquals(net.named_data.jndn.KeyLocatorType.NONE, content.getKeyLocator().getType());
content.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep);
Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, content.getAlgorithmType());
Assert.AssertEquals(true, content.getPayload().isNull());
Assert.AssertEquals(true, content.getInitialVector().isNull());
Assert.AssertEquals(net.named_data.jndn.KeyLocatorType.NONE, content.getKeyLocator().getType());
KeyLocator keyLocator = new KeyLocator();
keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME);
keyLocator.getKeyName().set("/test/key/locator");
content.setKeyLocator(keyLocator);
Assert.AssertTrue(content.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE);
Assert.AssertTrue(content.getKeyLocator().getKeyName()
.equals(new Name("/test/key/locator")));
Assert.AssertEquals(true, content.getPayload().isNull());
Assert.AssertEquals(true, content.getInitialVector().isNull());
content.setPayload(new Blob(message, false));
Assert.AssertTrue(content.getPayload().equals(new Blob(message, false)));
content.setInitialVector(new Blob(iv, false));
Assert.AssertTrue(content.getInitialVector().equals(new Blob(iv, false)));
Blob encoded = content.wireEncode();
Blob contentBlob = new Blob(encrypted, false);
Assert.AssertTrue(contentBlob.equals(encoded));
}
