Package net.i2p.router.crypto
Class ElGamalAESEngine
- java.lang.Object
-
- net.i2p.router.crypto.ElGamalAESEngine
-
public final class ElGamalAESEngine extends Object
Handles the actual ElGamal+AES encryption and decryption scenarios using the supplied keys and data. No, this does not extend AESEngine or CryptixAESEngine.- Since:
- 0.9.38 moved from net.i2p.crypto
-
-
Field Summary
Fields Modifier and Type Field Description static int
MAX_TAGS_RECEIVED
enforced since release 0.6
-
Constructor Summary
Constructors Constructor Description ElGamalAESEngine(I2PAppContext ctx)
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description byte[]
decrypt(byte[] data, PrivateKey targetPrivateKey)
Deprecated.specify the key manager!byte[]
decrypt(byte[] data, PrivateKey targetPrivateKey, SessionKeyManager keyManager)
Decrypt the message using the given private key and using tags from the specified key manager.(package private) byte[]
decryptAESBlock(byte[] encrypted, int offset, int encryptedLen, SessionKey key, byte[] iv, byte[] sentTag, Set<SessionTag> foundTags, SessionKey foundKey)
private byte[] decryptAESBlock(byte encrypted[], SessionKey key, byte iv[], byte sentTag[], Set foundTags, SessionKey foundKey) throws DataFormatException { return decryptAESBlock(encrypted, 0, encrypted.length, key, iv, sentTag, foundTags, foundKey); }byte[]
decryptFast(byte[] data, PrivateKey targetPrivateKey, SessionKeyManager keyManager)
Tags only.byte[]
decryptSlow(byte[] data, PrivateKey targetPrivateKey, SessionKeyManager keyManager)
Full ElG only.byte[]
encrypt(byte[] data, PublicKey target, SessionKey key, long paddedSize)
Deprecated.unusedbyte[]
encrypt(byte[] data, PublicKey target, SessionKey key, Set<SessionTag> tagsForDelivery, long paddedSize)
Deprecated.unusedbyte[]
encrypt(byte[] data, PublicKey target, SessionKey key, Set<SessionTag> tagsForDelivery, SessionTag currentTag, long paddedSize)
Encrypt the data to the target using the given key and deliver the specified tags No new session key This is the one called from GarlicMessageBuilder and is the primary entry point.byte[]
encrypt(byte[] data, PublicKey target, SessionKey key, Set<SessionTag> tagsForDelivery, SessionTag currentTag, SessionKey newKey, long paddedSize)
Encrypt the unencrypted data to the target.(package private) byte[]
encryptAESBlock(byte[] data, SessionKey key, byte[] iv, Set<SessionTag> tagsForDelivery, SessionKey newKey, long paddedSize)
For both scenarios, this method encrypts the AES area using the given key, iv and making sure the resulting data is at least as long as the paddedSize and also mod 16 bytes.
-
-
-
Field Detail
-
MAX_TAGS_RECEIVED
public static final int MAX_TAGS_RECEIVED
enforced since release 0.6- See Also:
- Constant Field Values
-
-
Constructor Detail
-
ElGamalAESEngine
public ElGamalAESEngine(I2PAppContext ctx)
-
-
Method Detail
-
decrypt
public byte[] decrypt(byte[] data, PrivateKey targetPrivateKey) throws DataFormatException
Deprecated.specify the key manager!Decrypt the message using the given private key using tags from the default key manager, which is the router's key manager. Use extreme care if you aren't the router.- Throws:
DataFormatException
-
decrypt
public byte[] decrypt(byte[] data, PrivateKey targetPrivateKey, SessionKeyManager keyManager) throws DataFormatException
Decrypt the message using the given private key and using tags from the specified key manager. This works according to the ElGamal+AES algorithm in the data structure spec. Warning - use the correct SessionKeyManager. Clients should instantiate their own. Clients using I2PAppContext.sessionKeyManager() may be correlated with the router, unless you are careful to use different keys.- Returns:
- decrypted data or null on failure
- Throws:
DataFormatException
-
decryptFast
public byte[] decryptFast(byte[] data, PrivateKey targetPrivateKey, SessionKeyManager keyManager) throws DataFormatException
Tags only. For MuxedEngine use only.- Returns:
- decrypted data or null on failure
- Throws:
DataFormatException
- Since:
- 0.9.46
-
decryptSlow
public byte[] decryptSlow(byte[] data, PrivateKey targetPrivateKey, SessionKeyManager keyManager) throws DataFormatException
Full ElG only. For MuxedEngine use only.- Returns:
- decrypted data or null on failure
- Throws:
DataFormatException
- Since:
- 0.9.46
-
decryptAESBlock
byte[] decryptAESBlock(byte[] encrypted, int offset, int encryptedLen, SessionKey key, byte[] iv, byte[] sentTag, Set<SessionTag> foundTags, SessionKey foundKey) throws DataFormatException
private byte[] decryptAESBlock(byte encrypted[], SessionKey key, byte iv[], byte sentTag[], Set foundTags, SessionKey foundKey) throws DataFormatException { return decryptAESBlock(encrypted, 0, encrypted.length, key, iv, sentTag, foundTags, foundKey); }- Throws:
DataFormatException
-
encrypt
public byte[] encrypt(byte[] data, PublicKey target, SessionKey key, Set<SessionTag> tagsForDelivery, SessionTag currentTag, SessionKey newKey, long paddedSize)
Encrypt the unencrypted data to the target. The total size returned will be no less than the paddedSize parameter, but may be more. This method uses the ElGamal+AES algorithm in the data structure spec.- Parameters:
target
- public key to which the data should be encrypted, must be ELGAMAL_2048. May be null if key and currentTag are non-null.key
- session key to use during encryptiontagsForDelivery
- session tags to be associated with the key (or newKey if specified), or null; 200 max enforced at receivercurrentTag
- sessionTag to use, or null if it should use ElG (i.e. new session)newKey
- key to be delivered to the target, with which the tagsForDelivery should be associated, or nullpaddedSize
- minimum size in bytes of the body after padding it (if less than the body's real size, no bytes are appended but the body is not truncated)- Throws:
IllegalArgumentException
- on bad target EncType Unused externally, only called by below (i.e. newKey is always null)
-
encrypt
public byte[] encrypt(byte[] data, PublicKey target, SessionKey key, Set<SessionTag> tagsForDelivery, SessionTag currentTag, long paddedSize)
Encrypt the data to the target using the given key and deliver the specified tags No new session key This is the one called from GarlicMessageBuilder and is the primary entry point. Re: padded size: The AES block adds at least 39 bytes of overhead to the data, and that is included in the minimum size calculation. In the router, we always use garlic messages. A garlic message with a single clove and zero data is about 84 bytes, so that's 123 bytes minimum. So any paddingSize <= 128 is a no-op as every message will be at least 128 bytes (Streaming, if used, adds more overhead). Outside the router, with a client using its own message format, the minimum size is 48, so any paddingSize <= 48 is a no-op. Not included in the minimum is a 32-byte session tag for an existing session, or a 514-byte ElGamal block and several 32-byte session tags for a new session. So the returned encrypted data will be at least 32 bytes larger than paddedSize.- Parameters:
target
- public key to which the data should be encrypted, must be ELGAMAL_2048. May be null if key and currentTag are non-null.key
- session key to use during encryptiontagsForDelivery
- session tags to be associated with the key or null; 200 max enforced at receivercurrentTag
- sessionTag to use, or null if it should use ElG (i.e. new session)paddedSize
- minimum size in bytes of the body after padding it (if less than the body's real size, no bytes are appended but the body is not truncated)- Throws:
IllegalArgumentException
- on bad target EncType
-
encrypt
public byte[] encrypt(byte[] data, PublicKey target, SessionKey key, Set<SessionTag> tagsForDelivery, long paddedSize)
Deprecated.unusedEncrypt the data to the target using the given key and deliver the specified tags No new session key No current tag (encrypt as new session)- Parameters:
tagsForDelivery
- session tags to be associated with the key or null; 200 max enforced at receiver- Throws:
IllegalArgumentException
- on bad target EncType
-
encrypt
public byte[] encrypt(byte[] data, PublicKey target, SessionKey key, long paddedSize)
Deprecated.unusedEncrypt the data to the target using the given key delivering no tags No new session key No current tag (encrypt as new session)- Throws:
IllegalArgumentException
- on bad target EncType
-
encryptAESBlock
final byte[] encryptAESBlock(byte[] data, SessionKey key, byte[] iv, Set<SessionTag> tagsForDelivery, SessionKey newKey, long paddedSize)
For both scenarios, this method encrypts the AES area using the given key, iv and making sure the resulting data is at least as long as the paddedSize and also mod 16 bytes. The contents of the encrypted data is:- 2 byte integer specifying the # of session tags - that many 32 byte session tags - 4 byte integer specifying data.length - SHA256 of data - 1 byte flag that, if == 1, is followed by a new SessionKey - data - random bytes, padding the total size to greater than paddedSize with a mod 16 = 0
Note: package private for ElGamalTest.testAES()- Parameters:
tagsForDelivery
- session tags to be associated with the key or null; 200 max enforced at receiver
-
-