org.ccnx.ccn.impl.security.crypto.EncryptedIVStaticContentKeys Class Reference

Specifies encryption algorithm, keys and if necessary IV to use for encrypting or decrypting content.

Public Member Functions

 EncryptedIVStaticContentKeys (String encryptionAlgorithm, byte[] key, byte[] ivctr) throws NoSuchAlgorithmException, NoSuchPaddingException
 EncryptedIVStaticContentKeys constructor.
 EncryptedIVStaticContentKeys (byte[] key, byte[] ivctr) throws NoSuchAlgorithmException, NoSuchPaddingException
 Create an EncryptedIVStaticContentKeys with the default algorithm.
 EncryptedIVStaticContentKeys (String encryptionAlgorithm, Key key, byte[] ivCtr) throws NoSuchAlgorithmException, NoSuchPaddingException
 EncryptedIVStaticContentKeys constructor.
 EncryptedIVStaticContentKeys (ContentKeys other)
EncryptedIVStaticContentKeys clone ()
IvParameterSpec buildIVCtr (KeyAndIV keyAndIV, long segmentNumber, int ivCtrLen) throws InvalidKeyException, InvalidAlgorithmParameterException
 Turn a master IV and a segment number into an initial counter of IV for this segment (used in CTR mode).
IvParameterSpec buildEncryptedIV (KeyAndIV keyAndIV, long segmentNumber, int ivLen) throws InvalidKeyException, InvalidAlgorithmParameterException
 Turn a master IV and a segment number into an IV for this segment (used in CBC mode).

Static Public Member Functions

static synchronized ContentKeys generateRandomKeys () throws NoSuchAlgorithmException, NoSuchPaddingException
 Create a set of random encryption/decryption keys using the default algorithm.

Detailed Description

Specifies encryption algorithm, keys and if necessary IV to use for encrypting or decrypting content.

The segmenter will be called with parameters identifying:

* the encryption algorithm and mode to use, if any
* the encryption key to use for this particular data item o (the object to be segmented)
* an 8-byte value used as an IV seed for this item (CBC mode) or a random counter component (CTR) (derived in KeyDerivation)
* the desired full segment (packet) length, including supporting data

In CTR mode, the counter for a given block B (number Bnum) in segment Snum will be constructed as follows:

CTR = IVseed || Snum || Bnum

where the segment and block numbers are represented in unsigned, 1-based, big-endian format. The total width of the counter value is 16 bytes, where the first 8 bytes are the IV seed value, the next 6 bytes are the segment number, and the last 2 bytes are the block number. A single-segment object following the SegmentationProfile will still have a segment number component in its name, and will follow the specification above for managing its encryption keys.

In CBC mode, the input IV will be used as a seed to generate an IV for each segment S as follows:

IV = Eko (IVseed || Snum || B0)

Where the segment number is encoded in 1-based, unsigned, big-endian form, and represented in the B-L rightmost bytes of the plaintext above, where B is the width of the block cipher in use, and L is the length of the numeric representation of the segment number. B0 = 1 to maintain consistency with standard CTR mode use. The same IV expansion function is used regardless of mode for simplicity. The encryption is done with the specified key, in CBC mode, using the all-zeros IV.

IMPORTANT NOTE: Do not use static keying to encrypt network objects in CTR mode, unless you are careful to only save them once per key. Use CBC mode (under development) or a dynamic keying method, such as KDFContentKeys.
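The counter layout, the per-segment IV derivation and the static-keying warning above, as an added example that is not CCNx code. The class and method names are hypothetical; it assumes AES-128, reads the CBC formula as encrypting the same 8/6/2 block with block number 1, and encodes the segment number exactly as passed in.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class SegmentIvSketch { // hypothetical name, not a CCNx class
    // CTR = IVseed (8 bytes) || Snum (6 bytes) || Bnum (2 bytes), big-endian.
    static byte[] counterBlock(byte[] ivSeed, long segNum, int blockNum) {
        if (ivSeed.length != 8 || segNum < 0 || segNum >= (1L << 48)
                || blockNum < 0 || blockNum > 0xFFFF)
            throw new IllegalArgumentException("field does not fit the 8/6/2 layout");
        ByteBuffer buf = ByteBuffer.allocate(16); // ByteBuffer is big-endian by default
        buf.put(ivSeed);
        buf.putShort((short) (segNum >>> 32)); // top 2 bytes of the 6-byte segment number
        buf.putInt((int) segNum);              // low 4 bytes
        buf.putShort((short) blockNum);
        return buf.array();
    }

    // CBC: IV = E(IVseed || Snum || B0), B0 = 1, one block in CBC mode under the all-zeros IV.
    static byte[] segmentIv(byte[] key, byte[] ivSeed, long segNum) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(new byte[16]));
        return c.doFinal(counterBlock(ivSeed, segNum, 1));
    }

    // CTR encryption of one segment, starting at block number 1.
    static byte[] ctrEncrypt(byte[] key, byte[] ivSeed, long segNum, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
               new IvParameterSpec(counterBlock(ivSeed, segNum, 1)));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];                 // constructed demo key (all zeros)
        byte[] seed = {1, 2, 3, 4, 5, 6, 7, 8};    // constructed IV seed
        byte[] v1 = "version-one-data".getBytes(StandardCharsets.US_ASCII);
        byte[] v2 = "version-two-data".getBytes(StandardCharsets.US_ASCII);
        // Same static key, seed and segment number, saved twice: identical keystream.
        byte[] c1 = ctrEncrypt(key, seed, 1, v1), c2 = ctrEncrypt(key, seed, 1, v2);
        boolean reused = true;
        for (int i = 0; i < v1.length; i++) reused &= (c1[i] ^ c2[i]) == (v1[i] ^ v2[i]);
        System.out.println("c1^c2 == v1^v2 (keystream reused): " + reused);
        System.out.println("CBC IVs differ per segment: "
                + !Arrays.equals(segmentIv(key, seed, 1), segmentIv(key, seed, 2)));
    }
}
```

The first check shows why a statically keyed object must be saved only once per key in CTR mode: a second save of the same segment reuses the counter, so the two ciphertexts XOR to the XOR of the two plaintexts.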


Constructor & Destructor Documentation

org.ccnx.ccn.impl.security.crypto.EncryptedIVStaticContentKeys.EncryptedIVStaticContentKeys ( String  encryptionAlgorithm,
byte[]  key,
byte[]  ivctr 
) throws NoSuchAlgorithmException, NoSuchPaddingException

EncryptedIVStaticContentKeys constructor.

Parameters:
encryptionAlgorithm (e.g. AES/CTR/NoPadding) the encryption algorithm to use. First component of algorithm should be the algorithm associated with the key.
key key material to be used
ivctr iv or counter material to be used with specified algorithm
Exceptions:
NoSuchPaddingException 
NoSuchAlgorithmException 
org.ccnx.ccn.impl.security.crypto.EncryptedIVStaticContentKeys.EncryptedIVStaticContentKeys ( byte[]  key,
byte[]  ivctr 
) throws NoSuchAlgorithmException, NoSuchPaddingException

Create an EncryptedIVStaticContentKeys with the default algorithm.

Exceptions:
NoSuchPaddingException 
NoSuchAlgorithmException 

Member Function Documentation

IvParameterSpec org.ccnx.ccn.impl.security.crypto.EncryptedIVStaticContentKeys.buildEncryptedIV ( KeyAndIV  keyAndIV,
long  segmentNumber,
int  ivLen 
) throws InvalidKeyException, InvalidAlgorithmParameterException

Turn a master IV and a segment number into an IV for this segment (used in CBC mode).

TODO check use of input and output lengths

Parameters:
masterIV the master IV
segmentNumber the segment number
ivLen the output IV length requested
Returns:
the IV
Exceptions:
InvalidAlgorithmParameterException 
InvalidKeyException 
BadPaddingException 
IllegalBlockSizeException 
IvParameterSpec org.ccnx.ccn.impl.security.crypto.EncryptedIVStaticContentKeys.buildIVCtr ( KeyAndIV  keyAndIV,
long  segmentNumber,
int  ctrLen 
) throws InvalidKeyException, InvalidAlgorithmParameterException

Turn a master IV and a segment number into an initial counter of IV for this segment (used in CTR mode).

Parameters:
masterIV the master IV
segmentNumber the segment number
ctrLen the output IV length requested
Returns:
the initial counter
Exceptions:
InvalidAlgorithmParameterException 
InvalidKeyException 

Reimplemented from org.ccnx.ccn.impl.security.crypto.StaticContentKeys.

static synchronized ContentKeys org.ccnx.ccn.impl.security.crypto.EncryptedIVStaticContentKeys.generateRandomKeys (  )  throws NoSuchAlgorithmException, NoSuchPaddingException [static]

Create a set of random encryption/decryption keys using the default algorithm.

Returns:
a randomly-generated set of keys and IV that can be used for encryption
Exceptions:
NoSuchPaddingException 
NoSuchAlgorithmException 

Reimplemented from org.ccnx.ccn.impl.security.crypto.StaticContentKeys.


The documentation for this class was generated from the following file:
Generated on Fri May 13 16:27:41 2011 for Content-Centric Networking in Java by  doxygen 1.6.3