Package net.i2p.router.crypto.ratchet

Class ECIESAEADEngine

  • public final class ECIESAEADEngine
extends Object
    Handles the actual ECIES+AEAD encryption and decryption scenarios using the supplied keys and data. No, this does not extend ElGamalAESEngine or AEADEngine or CryptixAEADEngine.
    Since:
    0.9.44

    • Constructor Detail

      • ECIESAEADEngine

        public ECIESAEADEngine​(RouterContext ctx)
        Caller MUST call startup() to get threaded generation. Will still work without, will just generate inline. startup() is called from RatchetSKM constructor so it's deferred until we need it.

    • Method Detail

      • startup

        public void startup()
        May be called multiple times

      • shutdown

        public void shutdown()
        Cannot be restarted

      • decrypt

        public CloveSet decrypt​(byte[] data,
                        PrivateKey targetPrivateKey,
                        RatchetSKM keyManager)
                 throws DataFormatException
        Decrypt the message using the given private key and using tags from the specified key manager. This works according to the ECIES+AEAD algorithm in the data structure spec. Warning - use the correct SessionKeyManager. Clients should instantiate their own. Clients using I2PAppContext.sessionKeyManager() may be correlated with the router, unless you are careful to use different keys.
        Returns:
        decrypted data or null on failure
        Throws:
        DataFormatException

      • encrypt

        public byte[] encrypt​(CloveSet cloves,
                      PublicKey target,
                      Destination to,
                      PrivateKey priv,
                      RatchetSKM keyManager,
                      ReplyCallback callback)
        Encrypt the data to the target using the given key and deliver the specified tags No new session key This is the one called from GarlicMessageBuilder and is the primary entry point.
        Parameters:
        target - public key to which the data should be encrypted.
        to - ignored if priv is null
        priv - local private key to encrypt with, from the leaseset may be null for anonymous (N-in-IK)
        keyManager - ignored if priv is null
        callback - may be null, if non-null an ack will be requested (except NS/NSR), ignored if priv is null
        Returns:
        encrypted data or null on failure

      • encrypt

        public byte[] encrypt​(CloveSet cloves,
                      SessionKey key,
                      RatchetSessionTag tag)
        Create an Existing Session Message to an anonymous target using the given session key and tag, for netdb DSM/DSRM replies. Called from MessageWrapper. No datetime, no next key, no acks, no ack requests. n=0, ad=null. 
          - 8 byte SessionTag
  - payload
  - 16 byte MAC
        Returns:
        encrypted data or null on failure
        Since:
        0.9.46

      • encrypt

        public byte[] encrypt​(CloveSet cloves,
                      PublicKey target)
        Encrypt the data to the target using the given key from an anonymous source, for netdb lookups. Called from MessageWrapper.
        Parameters:
        target - public key to which the data should be encrypted.
        Returns:
        encrypted data or null on failure
        Since:
        0.9.48