Public Member Functions | |
EncryptedIVStaticContentKeys (String encryptionAlgorithm, byte[] key, byte[] ivctr) throws NoSuchAlgorithmException, NoSuchPaddingException | |
EncryptedIVStaticContentKeys constructor. | |
EncryptedIVStaticContentKeys (byte[] key, byte[] ivctr) throws NoSuchAlgorithmException, NoSuchPaddingException | |
Create an EncryptedIVStaticContentKeys with the default algorithm. | |
EncryptedIVStaticContentKeys (String encryptionAlgorithm, Key key, byte[] ivCtr) throws NoSuchAlgorithmException, NoSuchPaddingException | |
EncryptedIVStaticContentKeys constructor. | |
EncryptedIVStaticContentKeys (ContentKeys other) | |
EncryptedIVStaticContentKeys | clone () |
IvParameterSpec | buildIVCtr (KeyAndIV keyAndIV, long segmentNumber, int ivCtrLen) throws InvalidKeyException, InvalidAlgorithmParameterException |
Turn a master IV and a segment number into an initial counter or IV for this segment (used in CTR mode). | |
IvParameterSpec | buildEncryptedIV (KeyAndIV keyAndIV, long segmentNumber, int ivLen) throws InvalidKeyException, InvalidAlgorithmParameterException |
Turn a master IV and a segment number into an IV for this segment (used in CBC mode). | |
Static Public Member Functions | |
static synchronized ContentKeys | generateRandomKeys () throws NoSuchAlgorithmException, NoSuchPaddingException |
Create a set of random encryption/decryption keys using the default algorithm. |
The segmenter will be called with parameters identifying:
* the encryption algorithm and mode to use, if any
* the encryption key to use for this particular data item o (the object to be segmented)
* an 8-byte value used as an IV seed for this item (CBC mode) or a random counter component (CTR) (derived in KeyDerivation)
* the desired full segment (packet) length, including supporting data
In CTR mode, the counter for a given block B (number Bnum) in segment Snum will be constructed as follows:
CTR = IVseed || Snum || Bnum
where the segment and block numbers are represented in unsigned, 1-based, big-endian format. The total width of the counter value is 16 bytes, where the first 8 bytes are the IV seed value, the next 6 bytes are the segment number, and the last 2 bytes are the block number. A single-segment object following the SegmentationProfile will still have a segment number component in its name, and will follow the specification above for managing its encryption keys.
In CBC mode, the input IV will be used as a seed to generate an IV for each segment S as follows:
IV = E_Ko(IVseed || Snum || B0)
where the segment number is encoded in 1-based, unsigned, big-endian form, and represented in the B-L rightmost bytes of the plaintext above, where B is the width of the block cipher in use, and L is the length of the numeric representation of the segment number. B0 = 1 to maintain consistency with standard CTR mode use. The same IV expansion function is used regardless of mode for simplicity. The encryption is done with the specified key, in CBC mode, using the all-zeros IV.
IMPORTANT NOTE: Do not use static keying to encrypt network objects in CTR mode, unless you are careful to only save them once per key. Use CBC mode (under development) or a dynamic keying method, such as KDFContentKeys.
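The two derivations above, and the reason for the note on static keying in CTR mode, as an added example (not CCNx code). It assumes AES with a 16-byte block and a segment number that is already 1-based when passed in; the class and method names are hypothetical.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class SegmentIvDemo {  // hypothetical class name, not part of CCNx
    // IVseed (8 bytes) || Snum (6 bytes) || Bnum (2 bytes); numbers are 1-based, big-endian.
    static byte[] counterBlock(byte[] ivSeed, long snum, int bnum) {
        if (ivSeed.length != 8 || snum < 1 || snum >= (1L << 48) || bnum < 1 || bnum > 0xFFFF)
            throw new IllegalArgumentException("field does not fit the 8/6/2 layout");
        ByteBuffer b = ByteBuffer.allocate(16);  // ByteBuffer is big-endian by default
        b.put(ivSeed);
        b.putShort((short) (snum >>> 32));       // upper 2 of the 6 segment-number bytes
        b.putInt((int) snum);                    // lower 4 segment-number bytes
        b.putShort((short) bnum);
        return b.array();
    }

    // CBC case: IV = E_Ko(IVseed || Snum || B0) with B0 = 1, CBC-encrypted under an all-zeros IV.
    static byte[] encryptedIv(byte[] key, byte[] ivSeed, long snum) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(new byte[16]));
        return c.doFinal(counterBlock(ivSeed, snum, 1));
    }

    // CTR case: the segment's initial counter is the same block with Bnum = 1.
    static byte[] ctrEncrypt(byte[] key, byte[] ivSeed, long snum, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
               new IvParameterSpec(counterBlock(ivSeed, snum, 1)));
        return c.doFinal(data);
    }

    static byte[] xor(byte[] a, byte[] b) {
        byte[] r = new byte[a.length];
        for (int i = 0; i < r.length; i++) r[i] = (byte) (a[i] ^ b[i]);
        return r;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16], seed = new byte[8];           // constructed demo values
        byte[] v1 = "first  version of data".getBytes("UTF-8");  // constructed, equal lengths
        byte[] v2 = "second version of data".getBytes("UTF-8");
        System.out.println(Arrays.toString(counterBlock(seed, 2, 1)));
        System.out.println(Arrays.toString(encryptedIv(key, seed, 2)));
        // Same static key, seed and segment number: both saves use one keystream,
        // so XOR of the ciphertexts equals XOR of the plaintexts.
        byte[] c1 = ctrEncrypt(key, seed, 2, v1), c2 = ctrEncrypt(key, seed, 2, v2);
        System.out.println(Arrays.equals(xor(c1, c2), xor(v1, v2)));
    }
}
```

The last line of output shows why a statically keyed object may be saved only once per key in CTR mode: a second save under the same key and seed leaks the XOR of the two versions to anyone holding both ciphertexts.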
org.ccnx.ccn.impl.security.crypto.EncryptedIVStaticContentKeys.EncryptedIVStaticContentKeys | ( | String | encryptionAlgorithm, | |
byte[] | key, | |||
byte[] | ivctr | |||
) | throws NoSuchAlgorithmException, NoSuchPaddingException |
EncryptedIVStaticContentKeys constructor.
encryptionAlgorithm | (e.g. AES/CTR/NoPadding) the encryption algorithm to use. First component of algorithm should be the algorithm associated with the key. | |
key | key material to be used | |
ivctr | iv or counter material to be used with specified algorithm |
NoSuchPaddingException | ||
NoSuchAlgorithmException |
org.ccnx.ccn.impl.security.crypto.EncryptedIVStaticContentKeys.EncryptedIVStaticContentKeys | ( | byte[] | key, | |
byte[] | ivctr | |||
) | throws NoSuchAlgorithmException, NoSuchPaddingException |
Create an EncryptedIVStaticContentKeys with the default algorithm.
NoSuchPaddingException | ||
NoSuchAlgorithmException |
static synchronized ContentKeys org.ccnx.ccn.impl.security.crypto.EncryptedIVStaticContentKeys.generateRandomKeys | ( | ) | throws NoSuchAlgorithmException, NoSuchPaddingException [static] |
Create a set of random encryption/decryption keys using the default algorithm.
NoSuchPaddingException | ||
NoSuchAlgorithmException |
Reimplemented from org.ccnx.ccn.impl.security.crypto.StaticContentKeys.
IvParameterSpec org.ccnx.ccn.impl.security.crypto.EncryptedIVStaticContentKeys.buildIVCtr | ( | KeyAndIV | keyAndIV, | |
long | segmentNumber, | |||
int | ctrLen | |||
) | throws InvalidKeyException, InvalidAlgorithmParameterException |
Turn a master IV and a segment number into an initial counter or IV for this segment (used in CTR mode).
masterIV | the master IV | |
segmentNumber | the segment number | |
ctrLen | the output IV length requested |
InvalidAlgorithmParameterException | ||
InvalidKeyException |
Reimplemented from org.ccnx.ccn.impl.security.crypto.StaticContentKeys.
IvParameterSpec org.ccnx.ccn.impl.security.crypto.EncryptedIVStaticContentKeys.buildEncryptedIV | ( | KeyAndIV | keyAndIV, | |
long | segmentNumber, | |||
int | ivLen | |||
) | throws InvalidKeyException, InvalidAlgorithmParameterException |
Turn a master IV and a segment number into an IV for this segment (used in CBC mode).
TODO check use of input and output lengths
masterIV | the master IV | |
segmentNumber | the segment number | |
ivLen | the output IV length requested |
InvalidAlgorithmParameterException | ||
InvalidKeyException | ||
BadPaddingException | ||
IllegalBlockSizeException |