Package net.i2p.router.crypto.ratchet

Class ECIESAEADEngine

java.lang.Object

net.i2p.router.crypto.ratchet.ECIESAEADEngine

public final class ECIESAEADEngine
extends Object

Handles the actual ECIES+AEAD encryption and decryption scenarios using the supplied keys and data. No, this does not extend ElGamalAESEngine or AEADEngine or CryptixAEADEngine.

Since:

0.9.44

Field Summary

Fields

Modifier and Type	Field	Description
(package private) static final long	MAX_NS_AGE

Constructor Summary

Constructors

Constructor	Description
ECIESAEADEngine(RouterContext ctx)	Caller MUST call startup() to get threaded generation.

Method Summary

Modifier and Type	Method	Description
CloveSet	decrypt(byte[] data, PrivateKey elgKey, PrivateKey ecKey, MuxedSKM keyManager)	Try to decrypt the message with one or both of the given private keys
CloveSet	decrypt(byte[] data, PrivateKey targetPrivateKey, RatchetSKM keyManager)	Decrypt the message using the given private key and using tags from the specified key manager.
(package private) CloveSet	decryptFast(byte[] data, PrivateKey targetPrivateKey, RatchetSKM keyManager)	NSR/ES only.
(package private) CloveSet	decryptSlow(byte[] data, PrivateKey targetPrivateKey, RatchetSKM keyManager)	NS only.
(package private) static final PrivateKey	doDH(PrivateKey privkey, PublicKey pubkey)
byte[]	encrypt(CloveSet cloves, PublicKey target)	Encrypt the data to the target using the given key from an anonymous source, for netdb lookups.
byte[]	encrypt(CloveSet cloves, PublicKey target, Destination to, PrivateKey priv, RatchetSKM keyManager, ReplyCallback callback)	Encrypt the data to the target using the given key and deliver the specified tags No new session key This is the one called from GarlicMessageBuilder and is the primary entry point.
byte[]	encrypt(CloveSet cloves, SessionKey key, RatchetSessionTag tag)	Create an Existing Session Message to an anonymous target using the given session key and tag, for netdb DSM/DSRM replies.
void	shutdown()	Cannot be restarted
void	startup()	May be called multiple times

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

MAX_NS_AGE

static final long MAX_NS_AGE

See Also:

• Constant Field Values

Constructor Details

ECIESAEADEngine

public ECIESAEADEngine(RouterContext ctx)

Caller MUST call startup() to get threaded generation. Will still work without, will just generate inline. startup() is called from RatchetSKM constructor so it's deferred until we need it.

Method Details

startup

public void startup()

May be called multiple times

shutdown

public void shutdown()

Cannot be restarted

decrypt

public CloveSet decrypt(byte[] data,
 PrivateKey elgKey,
 PrivateKey ecKey,
 MuxedSKM keyManager)
                 throws DataFormatException

Try to decrypt the message with one or both of the given private keys

Parameters:

elgKey - must be ElG, non-null

ecKey - must be EC, non-null

Returns:

decrypted data or null on failure

Throws:

DataFormatException

decrypt

public CloveSet decrypt(byte[] data,
 PrivateKey targetPrivateKey,
 RatchetSKM keyManager)
                 throws DataFormatException

Decrypt the message using the given private key and using tags from the specified key manager. This works according to the ECIES+AEAD algorithm in the data structure spec. Warning - use the correct SessionKeyManager. Clients should instantiate their own. Clients using I2PAppContext.sessionKeyManager() may be correlated with the router, unless you are careful to use different keys.

Returns:

decrypted data or null on failure

Throws:

DataFormatException

decryptFast

CloveSet decryptFast(byte[] data,
 PrivateKey targetPrivateKey,
 RatchetSKM keyManager)
              throws DataFormatException

NSR/ES only. For MuxedEngine use only.

Returns:

decrypted data or null on failure

Throws:

DataFormatException

Since:

0.9.46

decryptSlow

CloveSet decryptSlow(byte[] data,
 PrivateKey targetPrivateKey,
 RatchetSKM keyManager)
              throws DataFormatException

NS only. For MuxedEngine use only.

Returns:

decrypted data or null on failure

Throws:

DataFormatException

Since:

0.9.46

encrypt

public byte[] encrypt(CloveSet cloves,
 PublicKey target,
 Destination to,
 PrivateKey priv,
 RatchetSKM keyManager,
 ReplyCallback callback)

Encrypt the data to the target using the given key and deliver the specified tags No new session key This is the one called from GarlicMessageBuilder and is the primary entry point.

Parameters:

target - public key to which the data should be encrypted.

to - ignored if priv is null

priv - local private key to encrypt with, from the leaseset may be null for anonymous (N-in-IK)

keyManager - ignored if priv is null

callback - may be null, if non-null an ack will be requested (except NS/NSR), ignored if priv is null

Returns:

encrypted data or null on failure

encrypt

public byte[] encrypt(CloveSet cloves,
 SessionKey key,
 RatchetSessionTag tag)

Create an Existing Session Message to an anonymous target using the given session key and tag, for netdb DSM/DSRM replies. Called from MessageWrapper. No datetime, no next key, no acks, no ack requests. n=0, ad=null.

  - 8 byte SessionTag
  - payload
  - 16 byte MAC
 

Returns:

encrypted data or null on failure

Since:

0.9.46

encrypt

public byte[] encrypt(CloveSet cloves,
 PublicKey target)

Encrypt the data to the target using the given key from an anonymous source, for netdb lookups. Called from MessageWrapper.

Parameters:

target - public key to which the data should be encrypted.

Returns:

encrypted data or null on failure

Since:

0.9.48

doDH

static final PrivateKey doDH(PrivateKey privkey,
 PublicKey pubkey)