/// <summary> /// Encrypt the payload using the asymmetric key according to params, and /// return an EncryptedContent. /// </summary> /// /// <param name="payload"></param> /// <param name="key">The key value.</param> /// <param name="keyName">The key name for the EncryptedContent key locator.</param> /// <param name="params">The parameters for encryption.</param> /// <returns>A new EncryptedContent.</returns> private static EncryptedContent encryptAsymmetric(Blob payload, Blob key, Name keyName, EncryptParams paras) { EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { Blob encryptedPayload = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(key, payload, paras); EncryptedContent result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); return result; } else throw new Exception("Unsupported encryption method"); }
/// <summary> /// Encrypt the payload using the symmetric key according to params, and return /// an EncryptedContent. /// </summary> /// /// <param name="payload">The data to encrypt.</param> /// <param name="key">The key value.</param> /// <param name="keyName">The key name for the EncryptedContent key locator.</param> /// <param name="params">The parameters for encryption.</param> /// <returns>A new EncryptedContent.</returns> private static EncryptedContent encryptSymmetric(Blob payload, Blob key, Name keyName, EncryptParams paras) { EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); Blob initialVector = paras.getInitialVector(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) { if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) { if (initialVector.size() != net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE) throw new Exception("incorrect initial vector size"); } Blob encryptedPayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(key, payload, paras); EncryptedContent result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); result.setInitialVector(initialVector); return result; } else throw new Exception("Unsupported encryption method"); }
/** * Loop to encode a data packet nIterations times. * @param nIterations The number of iterations. * @param useComplex If true, use a large name, large content and all fields. * If false, use a small name, small content * and only required fields. * @param useCrypto If true, sign the data packet. If false, use a blank * signature. * @param keyType KeyType.RSA or EC, used if useCrypto is true. * @param encoding Set encoding[0] to the wire encoding. * @return The number of seconds for all iterations. */ private static double benchmarkEncodeDataSeconds(int nIterations, bool useComplex, bool useCrypto, KeyType keyType, Blob[] encoding) { Name name; Blob content; if (useComplex) { // Use a large name and content. name = new Name ("/ndn/ucla.edu/apps/lwndn-test/numbers.txt/%FD%05%05%E8%0C%CE%1D/%00"); StringBuilder contentStream = new StringBuilder(); int count = 1; contentStream.append(count++); while (contentStream.toString().Length < 1115) contentStream.append(" ").append(count++); content = new Blob(contentStream.toString()); } else { // Use a small name and content. name = new Name("/test"); content = new Blob("abc"); } Name.Component finalBlockId = new Name.Component(new Blob(new byte[] { (byte)0 })); // Initialize the KeyChain storage in case useCrypto is true. MemoryIdentityStorage identityStorage = new MemoryIdentityStorage(); MemoryPrivateKeyStorage privateKeyStorage = new MemoryPrivateKeyStorage(); KeyChain keyChain = new KeyChain (new IdentityManager(identityStorage, privateKeyStorage), new SelfVerifyPolicyManager(identityStorage)); Name keyName = new Name("/testname/DSK-123"); Name certificateName = keyName.getSubName(0, keyName.size() - 1).append ("KEY").append(keyName.get(-1)).append("ID-CERT").append("0"); privateKeyStorage.setKeyPairForKeyName (keyName, KeyType.RSA, new ByteBuffer(DEFAULT_RSA_PUBLIC_KEY_DER), new ByteBuffer(DEFAULT_RSA_PRIVATE_KEY_DER)); Blob signatureBits = new Blob(new byte[256]); Blob emptyBlob = new Blob(new byte[0]); double start = getNowSeconds(); for (int i = 0; i < nIterations; ++i) { Data data = new Data(name); data.setContent(content); if (useComplex) { data.getMetaInfo().setFreshnessPeriod(30000); data.getMetaInfo().setFinalBlockId(finalBlockId); } if (useCrypto) // This sets the signature fields. keyChain.sign(data, certificateName); else { // Imitate IdentityManager.signByCertificate to set up the signature // fields, but don't sign. KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(KeyLocatorType.KEYNAME); keyLocator.setKeyName(certificateName); Sha256WithRsaSignature sha256Signature = (Sha256WithRsaSignature)data.getSignature(); sha256Signature.setKeyLocator(keyLocator); sha256Signature.setSignature(signatureBits); } encoding[0] = data.wireEncode(); } double finish = getNowSeconds(); return finish - start; }
/// <summary> /// Create an identity certificate for a public key supplied by the caller. /// </summary> /// /// <param name="certificatePrefix">The name of public key to be signed.</param> /// <param name="publicKey">The public key to be signed.</param> /// <param name="signerCertificateName">The name of signing certificate.</param> /// <param name="notBefore">The notBefore value in the validity field of the generated certificate.</param> /// <param name="notAfter">The notAfter vallue in validity field of the generated certificate.</param> /// <returns>The generated identity certificate.</returns> public IdentityCertificate createIdentityCertificate( Name certificatePrefix, PublicKey publicKey, Name signerCertificateName, double notBefore, double notAfter) { IdentityCertificate certificate = new IdentityCertificate(); Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix); Name certificateName = new Name(certificatePrefix); certificateName.append("ID-CERT").appendVersion( (long) net.named_data.jndn.util.Common.getNowMilliseconds()); certificate.setName(certificateName); certificate.setNotBefore(notBefore); certificate.setNotAfter(notAfter); certificate.setPublicKeyInfo(publicKey); certificate.addSubjectDescription(new CertificateSubjectDescription( "2.5.4.41", keyName.toUri())); try { certificate.encode(); } catch (DerEncodingException ex) { throw new SecurityException("DerDecodingException: " + ex); } catch (DerDecodingException ex_0) { throw new SecurityException("DerEncodingException: " + ex_0); } Sha256WithRsaSignature sha256Sig = new Sha256WithRsaSignature(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(signerCertificateName); sha256Sig.setKeyLocator(keyLocator); certificate.setSignature(sha256Sig); SignedBlob unsignedData = certificate.wireEncode(); IdentityCertificate signerCertificate; try { signerCertificate = getCertificate(signerCertificateName); } catch (DerDecodingException ex_1) { throw new SecurityException("DerDecodingException: " + ex_1); } Name signerkeyName = signerCertificate.getPublicKeyName(); Blob sigBits = privateKeyStorage_.sign(unsignedData.signedBuf(), signerkeyName); sha256Sig.setSignature(sigBits); return certificate; }
private static void decodeKeyLocator(int expectedType, KeyLocator keyLocator, TlvDecoder decoder, bool copy) { int endOffset = decoder.readNestedTlvsStart(expectedType); keyLocator.clear(); if (decoder.getOffset() == endOffset) // The KeyLocator is omitted, so leave the fields as none. return; if (decoder.peekType(net.named_data.jndn.encoding.tlv.Tlv.Name, endOffset)) { // KeyLocator is a Name. keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); decodeName(keyLocator.getKeyName(), new int[1], new int[1], decoder, copy); } else if (decoder.peekType(net.named_data.jndn.encoding.tlv.Tlv.KeyLocatorDigest, endOffset)) { // KeyLocator is a KeyLocatorDigest. keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEY_LOCATOR_DIGEST); keyLocator.setKeyData(new Blob(decoder .readBlobTlv(net.named_data.jndn.encoding.tlv.Tlv.KeyLocatorDigest), copy)); } else throw new EncodingException( "decodeKeyLocator: Unrecognized key locator type"); decoder.finishNestedTlvs(endOffset); }
public void testConstructor() { // Check default settings. EncryptedContent content = new EncryptedContent(); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.NONE, content.getAlgorithmType()); Assert.AssertEquals(true, content.getPayload().isNull()); Assert.AssertEquals(true, content.getInitialVector().isNull()); Assert.AssertEquals(net.named_data.jndn.KeyLocatorType.NONE, content.getKeyLocator().getType()); // Check an encrypted content with IV. KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.getKeyName().set("/test/key/locator"); EncryptedContent rsaOaepContent = new EncryptedContent(); rsaOaepContent.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) .setKeyLocator(keyLocator).setPayload(new Blob(message, false)) .setInitialVector(new Blob(iv, false)); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, rsaOaepContent.getAlgorithmType()); Assert.AssertTrue(rsaOaepContent.getPayload().equals(new Blob(message, false))); Assert.AssertTrue(rsaOaepContent.getInitialVector() .equals(new Blob(iv, false))); Assert.AssertTrue(rsaOaepContent.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(rsaOaepContent.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); // Encoding. Blob encryptedBlob = new Blob(encrypted, false); Blob encoded = rsaOaepContent.wireEncode(); Assert.AssertTrue(encryptedBlob.equals(encoded)); // Decoding. EncryptedContent rsaOaepContent2 = new EncryptedContent(); rsaOaepContent2.wireDecode(encryptedBlob); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, rsaOaepContent2.getAlgorithmType()); Assert.AssertTrue(rsaOaepContent2.getPayload() .equals(new Blob(message, false))); Assert.AssertTrue(rsaOaepContent2.getInitialVector().equals( new Blob(iv, false))); Assert.AssertTrue(rsaOaepContent2.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(rsaOaepContent2.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); // Check the no IV case. EncryptedContent rsaOaepContentNoIv = new EncryptedContent(); rsaOaepContentNoIv.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) .setKeyLocator(keyLocator).setPayload(new Blob(message, false)); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, rsaOaepContentNoIv.getAlgorithmType()); Assert.AssertTrue(rsaOaepContentNoIv.getPayload().equals( new Blob(message, false))); Assert.AssertTrue(rsaOaepContentNoIv.getInitialVector().isNull()); Assert.AssertTrue(rsaOaepContentNoIv.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(rsaOaepContentNoIv.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); // Encoding. Blob encryptedBlob2 = new Blob(encryptedNoIv, false); Blob encodedNoIV = rsaOaepContentNoIv.wireEncode(); Assert.AssertTrue(encryptedBlob2.equals(encodedNoIV)); // Decoding. EncryptedContent rsaOaepContentNoIv2 = new EncryptedContent(); rsaOaepContentNoIv2.wireDecode(encryptedBlob2); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, rsaOaepContentNoIv2.getAlgorithmType()); Assert.AssertTrue(rsaOaepContentNoIv2.getPayload().equals( new Blob(message, false))); Assert.AssertTrue(rsaOaepContentNoIv2.getInitialVector().isNull()); Assert.AssertTrue(rsaOaepContentNoIv2.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(rsaOaepContentNoIv2.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); }
public void testSetterGetter() { EncryptedContent content = new EncryptedContent(); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.NONE, content.getAlgorithmType()); Assert.AssertEquals(true, content.getPayload().isNull()); Assert.AssertEquals(true, content.getInitialVector().isNull()); Assert.AssertEquals(net.named_data.jndn.KeyLocatorType.NONE, content.getKeyLocator().getType()); content.setAlgorithmType(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep); Assert.AssertEquals(net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep, content.getAlgorithmType()); Assert.AssertEquals(true, content.getPayload().isNull()); Assert.AssertEquals(true, content.getInitialVector().isNull()); Assert.AssertEquals(net.named_data.jndn.KeyLocatorType.NONE, content.getKeyLocator().getType()); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.getKeyName().set("/test/key/locator"); content.setKeyLocator(keyLocator); Assert.AssertTrue(content.getKeyLocator().getType() != net.named_data.jndn.KeyLocatorType.NONE); Assert.AssertTrue(content.getKeyLocator().getKeyName() .equals(new Name("/test/key/locator"))); Assert.AssertEquals(true, content.getPayload().isNull()); Assert.AssertEquals(true, content.getInitialVector().isNull()); content.setPayload(new Blob(message, false)); Assert.AssertTrue(content.getPayload().equals(new Blob(message, false))); content.setInitialVector(new Blob(iv, false)); Assert.AssertTrue(content.getInitialVector().equals(new Blob(iv, false))); Blob encoded = content.wireEncode(); Blob contentBlob = new Blob(encrypted, false); Assert.AssertTrue(contentBlob.equals(encoded)); }