com.cosmian.jna.abe

Class Ffi

java.lang.Object

com.cosmian.jna.abe.Ffi

public final class Ffi
extends Object

Constructor Summary

Constructors

Constructor and Description
Ffi(FfiWrapper instance, Specifications abeSpecifications)

Method Summary

Modifier and Type	Method and Description
int	createDecryptionCache(byte[] userDecryptionKeyBytes) Create a decryption cache that can be used with decryptHeaderUsingCache(int, byte[]) Use of the cache speeds up the decryption of the header.
int	createDecryptionCache(PrivateKey userDecryptionKey) Create an decryption cache that can be used with decryptHeaderUsingCache(int, byte[]) Use of the cache speeds up decryption of the header WARN: the cache MUST be destroyed after use with destroyDecryptionCache(int)
int	createEncryptionCache(Policy policy, byte[] publicKeyBytes) Create an encryption cache that can be used with encryptHeaderUsingCache(int, Attr[]) Use of the cache speeds up the encryption of the header.
int	createEncryptionCache(PublicKey publicKey) Create an encryption cache that can be used with encryptHeaderUsingCache(int, Attr[]) se of the cache speeds up the encryption of the header.
byte[]	decryptBlock(byte[] symmetricKey, byte[] encryptedBytes) Symmetrically decrypt a block of encrypted data.
byte[]	decryptBlock(byte[] symmetricKey, byte[] uid, int blockNumber, byte[] encryptedBytes) Symmetrically decrypt a block of encrypted data.
DecryptedHeader	decryptHeader(byte[] userDecryptionKeyBytes, byte[] encryptedHeaderBytes, int uidLen, int additionalDataLen) Decrypt a hybrid header, recovering the symmetric key, and optionally, the resource UID and additional data
DecryptedHeader	decryptHeader(PrivateKey userDecryptionKey, byte[] encryptedHeaderBytes) Decrypt a hybrid header, recovering the symmetric key
DecryptedHeader	decryptHeader(PrivateKey userDecryptionKey, byte[] encryptedHeaderBytes, int uidLen, int additionalDataLen) Decrypt a hybrid header, recovering the symmetric key, and optionally, the resource UID and additional data
DecryptedHeader	decryptHeaderUsingCache(int cacheHandle, byte[] encryptedHeaderBytes) Decrypt a hybrid header using a cache, recovering the symmetric key
DecryptedHeader	decryptHeaderUsingCache(int cacheHandle, byte[] encryptedHeaderBytes, int uidLen, int additionalDataLen) Decrypt a hybrid header using a cache, recovering the symmetric key, and optionally, the resource UID and additional data
void	destroyDecryptionCache(int cacheHandle) Destroy the cache created with createDecryptionCache(byte[])
void	destroyEncryptionCache(int cacheHandle) Destroy the cache created with createEncryptionCache(Policy, byte[])
byte[]	encryptBlock(byte[] symmetricKey, byte[] clearText) Symmetrically encrypt a block of clear text data.
byte[]	encryptBlock(byte[] symmetricKey, byte[] uid, int blockNumber, byte[] clearText) Symmetrically encrypt a block of clear text data.
EncryptedHeader	encryptHeader(Policy policy, byte[] publicKeyBytes, Attr[] attributes, Optional<byte[]> uid, Optional<byte[]> additionalData) Generate an hybrid encryption header.
EncryptedHeader	encryptHeader(PublicKey publicKey, Attr[] attributes) Generate an hybrid encryption header.
EncryptedHeader	encryptHeader(PublicKey publicKey, Attr[] attributes, Optional<byte[]> uid, Optional<byte[]> additionalData) Generate an hybrid encryption header.
EncryptedHeader	encryptHeaderUsingCache(int cacheHandle, Attr[] attributes) Generate an hybrid encryption header using a pre-cached Public Key and Policy.
EncryptedHeader	encryptHeaderUsingCache(int cacheHandle, Attr[] attributes, Optional<byte[]> uid, Optional<byte[]> additionalData) Generate an hybrid encryption header using a pre-cached Public Key and Policy.
MasterKeys	generateMasterKeys(Policy policy) Generate the master private and public keys using the ABE policy
byte[]	generateUserPrivateKey(byte[] masterPrivateKey, AccessPolicy accessPolicy, Policy policy) Generate the user private key
String	get_last_error() Return the last error in a String that does not exceed 1023 bytes
String	get_last_error(int max_len) Return the last error in a String that does not exceed `max_len` bytes
Policy	rotateAttributes(Attr[] attributes, Policy policy) Rotate attributes, changing their underlying value with that of an unused slot
void	set_error(String error_msg) Set the last error on the native lib
int	symmetricEncryptionOverhead() The overhead in bytes (over the clear text) generated by the symmetric encryption scheme (AES 256 GCM)
void	unwrap(int result) If the result of the last FFI call is in Error, recover the last error from the native code and throw an exception wrapping it.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Ffi

public Ffi(FfiWrapper instance,
           Specifications abeSpecifications)

Method Detail

get_last_error

public String get_last_error()
                      throws FfiException

Return the last error in a String that does not exceed 1023 bytes

Returns:

the last error recorded by the native library

Throws:

FfiException - in case of native library error

get_last_error

public String get_last_error(int max_len)
                      throws FfiException

Return the last error in a String that does not exceed `max_len` bytes

Parameters:

max_len - the maximum number of bytes to return

Returns:

the error

Throws:

FfiException - in case of native library error

set_error

public void set_error(String error_msg)
               throws FfiException

Set the last error on the native lib

Parameters:

error_msg - the last error to set on the native lib

Throws:

FfiException - n case of native library error

createEncryptionCache

public int createEncryptionCache(PublicKey publicKey)
                          throws FfiException,
                                 CosmianException

Create an encryption cache that can be used with encryptHeaderUsingCache(int, Attr[]) se of the cache speeds up the encryption of the header. WARN: the cache MUST be destroyed after use with destroyEncryptionCache(int)

Parameters:

publicKey - the public key to cache

Returns:

the cache handle that can be passed to the encryption routine

Throws:

FfiException - on Rust lib errors

CosmianException - in case of other errors

createEncryptionCache

public int createEncryptionCache(Policy policy,
                                 byte[] publicKeyBytes)
                          throws FfiException,
                                 CosmianException

Create an encryption cache that can be used with encryptHeaderUsingCache(int, Attr[]) Use of the cache speeds up the encryption of the header. WARN: the cache MUST be destroyed after use with destroyEncryptionCache(int)

Parameters:

policy - the Policy to cache

publicKeyBytes - the public key bytes to cache

Returns:

the cache handle that can be passed to the encryption routine

Throws:

FfiException - on Rust lib errors

CosmianException - in case of other errors

destroyEncryptionCache

public void destroyEncryptionCache(int cacheHandle)
                            throws FfiException,
                                   CosmianException

Destroy the cache created with createEncryptionCache(Policy, byte[])

Parameters:

cacheHandle - the pointer to the cache to destroy

Throws:

FfiException - on Rust lib errors

CosmianException - in case of other errors

encryptHeaderUsingCache

public EncryptedHeader encryptHeaderUsingCache(int cacheHandle,
                                               Attr[] attributes)
                                        throws FfiException,
                                               CosmianException

Generate an hybrid encryption header using a pre-cached Public Key and Policy. A symmetric key is randomly generated and encrypted using the ABEschemes and the provided policy attributes for the given policy

Parameters:

cacheHandle - the pointer to the int

attributes - the policy attributes used to encrypt the generated symmetric key

Returns:

the encrypted header, bytes and symmetric key

Throws:

FfiException - in case of native library error

CosmianException - in case the Policy and key bytes cannot be recovered from the PublicKey

encryptHeaderUsingCache

public EncryptedHeader encryptHeaderUsingCache(int cacheHandle,
                                               Attr[] attributes,
                                               Optional<byte[]> uid,
                                               Optional<byte[]> additionalData)
                                        throws FfiException,
                                               CosmianException

Generate an hybrid encryption header using a pre-cached Public Key and Policy. A symmetric key is randomly generated and encrypted using the ABE schemes and the provided policy attributes for the given policy. . If provided, the resource `uid` and the `additionalData` are symmetrically encrypted and appended to the encrypted header.

Parameters:

cacheHandle - the pointer to the int

attributes - the policy attributes used to encrypt the generated symmetric key

uid - the optional resource uid

additionalData - optional additional data

Returns:

the encrypted header, bytes and symmetric key

Throws:

FfiException - in case of native library error

CosmianException - in case the Policy and key bytes cannot be recovered from the PublicKey

encryptHeader

public EncryptedHeader encryptHeader(PublicKey publicKey,
                                     Attr[] attributes)
                              throws FfiException,
                                     CosmianException

Generate an hybrid encryption header. A symmetric key is randomly generated and encrypted using the ABE schemes and the provided policy attributes for the given policy

Parameters:

publicKey - the ABE public key also holds the Policy

attributes - the policy attributes used to encrypt the generated symmetric key

Returns:

the encrypted header, bytes and symmetric key

Throws:

FfiException - in case of native library error

CosmianException - in case the Policy and key bytes cannot be recovered from the PublicKey

encryptHeader

public EncryptedHeader encryptHeader(PublicKey publicKey,
                                     Attr[] attributes,
                                     Optional<byte[]> uid,
                                     Optional<byte[]> additionalData)
                              throws FfiException,
                                     CosmianException

Generate an hybrid encryption header. A symmetric key is randomly generated and encrypted using the ABE schemes and the provided policy attributes for the given policy. . If provided, the resource `uid` and the `additionalData` are symmetrically encrypted and appended to the encrypted header.

Parameters:

publicKey - the ABE public key also holds the Policy

attributes - the policy attributes used to encrypt the generated symmetric key

uid - the optional resource uid

additionalData - optional additional data

Returns:

the encrypted header, bytes and symmetric key

Throws:

FfiException - in case of native library error

CosmianException - in case the Policy and key bytes cannot be recovered from the PublicKey

encryptHeader

public EncryptedHeader encryptHeader(Policy policy,
                                     byte[] publicKeyBytes,
                                     Attr[] attributes,
                                     Optional<byte[]> uid,
                                     Optional<byte[]> additionalData)
                              throws FfiException

Generate an hybrid encryption header. A symmetric key is randomly generated and encrypted using the ABE schemes and the provided policy attributes for the given policy. If provided, the resource `uid` and the `additionalData` are symmetrically encrypted and appended to the encrypted header.

Parameters:

policy - the policy to use

publicKeyBytes - the ABE public key bytes

attributes - the policy attributes used to encrypt the generated symmetric key

uid - the optional resource uid

additionalData - optional additional data

Returns:

the encrypted header, bytes and symmetric key

Throws:

FfiException - in case of native library error

createDecryptionCache

public int createDecryptionCache(PrivateKey userDecryptionKey)
                          throws FfiException,
                                 CosmianException

Create an decryption cache that can be used with decryptHeaderUsingCache(int, byte[]) Use of the cache speeds up decryption of the header WARN: the cache MUST be destroyed after use with destroyDecryptionCache(int)

Parameters:

userDecryptionKey - the public key to cache

Returns:

the cache handle that can be passed to the decryption routine

Throws:

FfiException - on Rust lib errors

CosmianException - in case of other errors

createDecryptionCache

public int createDecryptionCache(byte[] userDecryptionKeyBytes)
                          throws FfiException,
                                 CosmianException

Create a decryption cache that can be used with decryptHeaderUsingCache(int, byte[]) Use of the cache speeds up the decryption of the header. WARN: the cache MUST be destroyed after use with destroyDecryptionCache(int)

Parameters:

userDecryptionKeyBytes - the public key bytes to cache

Returns:

the cache handle that can be passed to the decryption routine

Throws:

FfiException - on Rust lib errors

CosmianException - in case of other errors

destroyDecryptionCache

public void destroyDecryptionCache(int cacheHandle)
                            throws FfiException,
                                   CosmianException

Destroy the cache created with createDecryptionCache(byte[])

Parameters:

cacheHandle - the pointer to the cache to destroy

Throws:

FfiException - on Rust lib errors

CosmianException - in case of other errors

decryptHeaderUsingCache

public DecryptedHeader decryptHeaderUsingCache(int cacheHandle,
                                               byte[] encryptedHeaderBytes)
                                        throws FfiException,
                                               CosmianException

Decrypt a hybrid header using a cache, recovering the symmetric key

Parameters:

cacheHandle - the cache to the user decryption key

encryptedHeaderBytes - the encrypted header

Returns:

The decrypted header: symmetric key, uid and additional data

Throws:

FfiException - in case of native library error

CosmianException - in case the key bytes cannot be recovered from the PrivateKey

decryptHeaderUsingCache

public DecryptedHeader decryptHeaderUsingCache(int cacheHandle,
                                               byte[] encryptedHeaderBytes,
                                               int uidLen,
                                               int additionalDataLen)
                                        throws FfiException

Decrypt a hybrid header using a cache, recovering the symmetric key, and optionally, the resource UID and additional data

Parameters:

cacheHandle - the cache to the user decryption key

encryptedHeaderBytes - the encrypted header

uidLen - the maximum bytes length of the expected UID

additionalDataLen - the maximum bytes length of the expected additional data

Returns:

The decrypted header: symmetric key, uid and additional data

Throws:

FfiException - in case of native library error

decryptHeader

public DecryptedHeader decryptHeader(PrivateKey userDecryptionKey,
                                     byte[] encryptedHeaderBytes)
                              throws FfiException,
                                     CosmianException

Decrypt a hybrid header, recovering the symmetric key

Parameters:

userDecryptionKey - the ABE user decryption key

encryptedHeaderBytes - the encrypted header

Returns:

The decrypted header: symmetric key, uid and additional data

Throws:

FfiException - in case of native library error

CosmianException - in case the key bytes cannot be recovered from the PrivateKey

decryptHeader

public DecryptedHeader decryptHeader(PrivateKey userDecryptionKey,
                                     byte[] encryptedHeaderBytes,
                                     int uidLen,
                                     int additionalDataLen)
                              throws FfiException,
                                     CosmianException

Decrypt a hybrid header, recovering the symmetric key, and optionally, the resource UID and additional data

Parameters:

userDecryptionKey - the ABE user decryption key

encryptedHeaderBytes - the encrypted header

uidLen - the maximum bytes length of the expected UID

additionalDataLen - the maximum bytes length of the expected additional data

Returns:

The decrypted header: symmetric key, uid and additional data

Throws:

FfiException - in case of native library error

CosmianException - in case the key bytes cannot be recovered from the PrivateKey

decryptHeader

public DecryptedHeader decryptHeader(byte[] userDecryptionKeyBytes,
                                     byte[] encryptedHeaderBytes,
                                     int uidLen,
                                     int additionalDataLen)
                              throws FfiException

Decrypt a hybrid header, recovering the symmetric key, and optionally, the resource UID and additional data

Parameters:

userDecryptionKeyBytes - the ABE user decryption key bytes

encryptedHeaderBytes - the encrypted header

uidLen - the maximum bytes length of the expected UID

additionalDataLen - the maximum bytes length of the expected additional data

Returns:

The decrypted header: symmetric key, uid and additional data

Throws:

FfiException - in case of native library error

symmetricEncryptionOverhead

public int symmetricEncryptionOverhead()

The overhead in bytes (over the clear text) generated by the symmetric encryption scheme (AES 256 GCM)

Returns:

the overhead bytes

encryptBlock

public byte[] encryptBlock(byte[] symmetricKey,
                           byte[] clearText)
                    throws FfiException

Symmetrically encrypt a block of clear text data. No resource UID is used for authentication and the block number is assumed to be zero

Parameters:

symmetricKey - The key to use to symmetrically encrypt the block

clearText - the clear text to encrypt

Returns:

the encrypted block

Throws:

FfiException - in case of native library error

encryptBlock

public byte[] encryptBlock(byte[] symmetricKey,
                           byte[] uid,
                           int blockNumber,
                           byte[] clearText)
                    throws FfiException

Symmetrically encrypt a block of clear text data. The UID and Block Number are part of the AEAD of the symmetric scheme.

Parameters:

symmetricKey - The key to use to symmetrically encrypt the block

uid - The resource UID

blockNumber - the block number when the resource is split in multiple blocks

clearText - the clear text to encrypt

Returns:

the encrypted block

Throws:

FfiException - in case of native library error

decryptBlock

public byte[] decryptBlock(byte[] symmetricKey,
                           byte[] encryptedBytes)
                    throws FfiException

Symmetrically decrypt a block of encrypted data. No resource UID is used for authentication and the block number is assumed to be zero

Parameters:

symmetricKey - the symmetric key to use

encryptedBytes - the encrypted block bytes

Returns:

the clear text bytes

Throws:

FfiException - in case of native library error

decryptBlock

public byte[] decryptBlock(byte[] symmetricKey,
                           byte[] uid,
                           int blockNumber,
                           byte[] encryptedBytes)
                    throws FfiException

Symmetrically decrypt a block of encrypted data. The resource UID and block Number must match those supplied on encryption or decryption will fail.

Parameters:

symmetricKey - the symmetric key to use

uid - the resource UID

blockNumber - the block number of the resource

encryptedBytes - the encrypted block bytes

Returns:

the clear text bytes

Throws:

FfiException - in case of native library error

generateMasterKeys

public MasterKeys generateMasterKeys(Policy policy)
                              throws FfiException

Generate the master private and public keys using the ABE policy

Parameters:

policy - the policy to use

Returns:

the master private and public keys in raw bytes

Throws:

FfiException - in case of native library error

generateUserPrivateKey

public byte[] generateUserPrivateKey(byte[] masterPrivateKey,
                                     AccessPolicy accessPolicy,
                                     Policy policy)
                              throws FfiException

Generate the user private key

Parameters:

masterPrivateKey - the master private key in bytes

accessPolicy - the access policy of the user private key

policy - the ABE policy

Returns:

the corresponding user private key

Throws:

FfiException - in case of native library error

rotateAttributes

public Policy rotateAttributes(Attr[] attributes,
                               Policy policy)
                        throws FfiException,
                               com.fasterxml.jackson.core.exc.StreamReadException,
                               com.fasterxml.jackson.databind.DatabindException,
                               IOException

Rotate attributes, changing their underlying value with that of an unused slot

Parameters:

attributes: - a list of attributes to rotate

policy: - the current policy returns the new Policy

Returns:

the new policy

Throws:

FfiException - in case of native library error

IOException - standard IO exceptions

com.fasterxml.jackson.databind.DatabindException - standard databind exceptions

com.fasterxml.jackson.core.exc.StreamReadException - stream read exceptions

unwrap

public void unwrap(int result)
            throws FfiException

If the result of the last FFI call is in Error, recover the last error from the native code and throw an exception wrapping it.

Parameters:

result - the result of the FFI call

Throws:

FfiException - in case of native library error