Class ECIESAEADEngine


  • public final class ECIESAEADEngine
    extends Object
    Handles the actual ECIES+AEAD encryption and decryption scenarios using the supplied keys and data. No, this does not extend ElGamalAESEngine or AEADEngine or CryptixAEADEngine.
    Since:
    0.9.44
    • Constructor Detail

      • ECIESAEADEngine

        public ECIESAEADEngine​(RouterContext ctx)
        Caller MUST call startup() to get threaded generation. Without it the engine still works, but generates inline. startup() is called from the RatchetSKM constructor, so it is deferred until we need it.
    • Method Detail

      • startup

        public void startup()
        May be called multiple times
      • shutdown

        public void shutdown()
        Cannot be restarted
      • decrypt

        public CloveSet decrypt​(byte[] data,
                                PrivateKey targetPrivateKey,
                                RatchetSKM keyManager)
                         throws DataFormatException
        Decrypt the message using the given private key and using tags from the specified key manager. This works according to the ECIES+AEAD algorithm in the data structure spec. Warning - use the correct SessionKeyManager. Clients should instantiate their own. Clients using I2PAppContext.sessionKeyManager() may be correlated with the router, unless you are careful to use different keys.
        Returns:
        decrypted data or null on failure
        Throws:
        DataFormatException
      • encrypt

        public byte[] encrypt​(CloveSet cloves,
                              PublicKey target,
                              PrivateKey priv,
                              RatchetSKM keyManager,
                              ReplyCallback callback)
        Encrypt the data to the target using the given key and deliver the specified tags. No new session key. This is the one called from GarlicMessageBuilder and is the primary entry point.
        Re: padded size: The AEAD block adds at least 39 bytes of overhead to the data, and that is included in the minimum size calculation.
        In the router, we always use garlic messages. A garlic message with a single clove and zero data is about 84 bytes, so that's 123 bytes minimum. So any paddingSize <= 128 is a no-op as every message will be at least 128 bytes (Streaming, if used, adds more overhead).
        Outside the router, with a client using its own message format, the minimum size is 48, so any paddingSize <= 48 is a no-op.
        Not included in the minimum is a 32-byte session tag for an existing session, or a 514-byte ECIES block and several 32-byte session tags for a new session. So the returned encrypted data will be at least 32 bytes larger than paddedSize.
        Parameters:
        target - public key to which the data should be encrypted.
        priv - local private key to encrypt with, from the leaseset
        callback - may be null, if non-null an ack will be requested (except NS/NSR)
        Returns:
        encrypted data or null on failure
      • encrypt

        public byte[] encrypt​(CloveSet cloves,
                              SessionKey key,
                              RatchetSessionTag tag)
        Create an Existing Session Message to an anonymous target using the given session key and tag, for netdb DSM/DSRM replies. Called from MessageWrapper. No datetime, no next key, no acks, no ack requests. n=0, ad=null.
          - 8 byte SessionTag
          - payload
          - 16 byte MAC
         
        Returns:
        encrypted data or null on failure
        Since:
        0.9.46
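
The Existing Session Message layout listed above (8 byte SessionTag, payload, 16 byte MAC, n=0, ad=null), as an added example that is not I2P code. It assumes the AEAD is ChaCha20-Poly1305 with n encoded in a 12-byte nonce; the class name, the seal/open helpers and the direct tag comparison (standing in for the key manager's tags) are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration, not I2P code. Layout from the Javadoc above:
// 8-byte session tag || encrypted payload || 16-byte MAC, with n=0 and ad=null.
// Assumption: the AEAD is ChaCha20-Poly1305 and n is encoded in a 12-byte nonce.
public class ExistingSessionFrame {
    static final int TAG_LEN = 8, MAC_LEN = 16;

    static Cipher aead(int mode, byte[] key) throws Exception {
        Cipher c = Cipher.getInstance("ChaCha20-Poly1305"); // JDK 11+
        // n=0 gives an all-zero nonce; updateAAD() is never called because ad=null
        c.init(mode, new SecretKeySpec(key, "ChaCha20"), new IvParameterSpec(new byte[12]));
        return c;
    }

    static byte[] seal(byte[] key, byte[] tag, byte[] payload) throws Exception {
        byte[] ct = aead(Cipher.ENCRYPT_MODE, key).doFinal(payload); // ciphertext || MAC
        byte[] out = Arrays.copyOf(tag, TAG_LEN + ct.length);        // tag goes first
        System.arraycopy(ct, 0, out, TAG_LEN, ct.length);
        return out;
    }

    // Returns the plaintext, or null on failure, like the documented methods.
    static byte[] open(byte[] key, byte[] expectedTag, byte[] msg) throws Exception {
        if (msg == null || msg.length < TAG_LEN + MAC_LEN) return null; // no room for tag + MAC
        // Simplification: the engine uses tags from the key manager; one expected tag is compared here.
        if (!Arrays.equals(expectedTag, Arrays.copyOf(msg, TAG_LEN))) return null;
        try {
            return aead(Cipher.DECRYPT_MODE, key).doFinal(msg, TAG_LEN, msg.length - TAG_LEN);
        } catch (AEADBadTagException e) {
            return null; // MAC did not verify: modified data or wrong key
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32], tag = new byte[TAG_LEN]; // constructed sample values
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(key);
        rnd.nextBytes(tag);
        byte[] msg = seal(key, tag, "constructed payload".getBytes("UTF-8"));
        System.out.println("opens: " + (open(key, tag, msg) != null));
        msg[msg.length - 1] ^= 1; // flip one bit of the MAC
        System.out.println("tampered opens: " + (open(key, tag, msg) != null));
    }
}
```

A fixed n=0 nonce is only sound when the session key is never used for a second message, so the sketch draws a fresh random key for its single message.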