com.cosmian.jna.covercrypt

Class CoverCrypt

java.lang.Object

com.cosmian.jna.covercrypt.structs.Ffi

com.cosmian.jna.covercrypt.CoverCrypt

public final class CoverCrypt
extends Ffi

Field Summary

Fields inherited from class com.cosmian.jna.covercrypt.structs.Ffi

INSTANCE

Constructor Summary

Constructors

Constructor and Description
CoverCrypt()

Method Summary

Modifier and Type	Method and Description
static int	createDecryptionCache(byte[] userDecryptionKeyBytes) Create a decryption cache that can be used with decryptHeaderUsingCache(int, byte[], Optional).
static int	createEncryptionCache(Policy policy, byte[] publicKeyBytes) Create an encryption cache that can be used with encryptHeaderUsingCache(int, String).
static DecryptedData	decrypt(byte[] userDecryptionKeyBytes, byte[] ciphertext, Optional<byte[]> authenticationData) Decrypt a hybrid encryption.
static byte[]	decryptBlock(byte[] symmetricKey, Optional<byte[]> authenticationData, byte[] encryptedBytes) Symmetrically decrypt a block of encrypted data.
static DecryptedHeader	decryptHeader(byte[] userDecryptionKeyBytes, byte[] encryptedHeaderBytes, Optional<byte[]> authenticationData) Decrypt a hybrid header using a cache, recovering the symmetric key.
static DecryptedHeader	decryptHeaderUsingCache(int cacheHandle, byte[] encryptedHeaderBytes, Optional<byte[]> authenticationData) Decrypt a hybrid header using a cache, recovering the symmetric key.
static void	destroyDecryptionCache(int cacheHandle) Destroy the cache created with createDecryptionCache(byte[]).
static void	destroyEncryptionCache(int cacheHandle) Destroy the cache created with createEncryptionCache(Policy, byte[]).
static byte[]	encrypt(Policy policy, byte[] publicKeyBytes, String encryptionPolicy, byte[] plaintext, Optional<byte[]> authenticationData, Optional<byte[]> headerMetadata) Generate an hybrid encryption of a plaintext.
static byte[]	encryptBlock(byte[] symmetricKey, Optional<byte[]> authenticationData, byte[] clearText) Symmetrically encrypt a block of clear text data.
static EncryptedHeader	encryptHeader(Policy policy, byte[] publicKeyBytes, String encryptionPolicy) Generate an hybrid encryption header.
static EncryptedHeader	encryptHeader(Policy policy, byte[] publicKeyBytes, String encryptionPolicy, byte[] headerMetadata) Generate an hybrid encryption header.
static EncryptedHeader	encryptHeader(Policy policy, byte[] publicKeyBytes, String encryptionPolicy, byte[] headerMetadata, byte[] authenticationData) Generate an hybrid encryption header.
static EncryptedHeader	encryptHeaderUsingCache(int cacheHandle, String encryptionPolicy) Generate an encrypted header using a pre-cached Public Key and `Policy`.
static EncryptedHeader	encryptHeaderUsingCache(int cacheHandle, String encryptionPolicy, byte[] headerMetadata) Generate an encrypted header using a pre-cached Public Key and `Policy`.
static EncryptedHeader	encryptHeaderUsingCache(int cacheHandle, String encryptionPolicy, byte[] headerMetadata, byte[] authenticationData) Generate an encrypted header using a pre-cached Public Key and `Policy`.
static MasterKeys	generateMasterKeys(Policy policy) Generate the master private and public keys using the ABE policy
static byte[]	generateUserPrivateKey(byte[] masterPrivateKey, String userPolicy, Policy policy) Generate the user private key.
static int	symmetricEncryptionOverhead() The overhead in bytes (over the clear text) generated by the symmetric encryption scheme (AES 256 GCM)

Methods inherited from class com.cosmian.jna.covercrypt.structs.Ffi

get_last_error, get_last_error, set_error, unwrap

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CoverCrypt

public CoverCrypt()

Method Detail

createEncryptionCache

public static int createEncryptionCache(Policy policy,
                                        byte[] publicKeyBytes)
                                 throws CloudproofException

Create an encryption cache that can be used with encryptHeaderUsingCache(int, String). The cache speeds up the encryption of the header. WARN: the cache MUST be destroyed after use with destroyEncryptionCache(int).

Parameters:

policy - the Policy to cache

publicKeyBytes - the public key bytes to cache

Returns:

the cache handle that can be passed to the encryption routine

Throws:

CloudproofException - on Rust lib errors

destroyEncryptionCache

public static void destroyEncryptionCache(int cacheHandle)
                                   throws CloudproofException

Destroy the cache created with createEncryptionCache(Policy, byte[]).

Parameters:

cacheHandle - the pointer to the cache to destroy

Throws:

CloudproofException - on Rust lib errors

encryptHeaderUsingCache

public static EncryptedHeader encryptHeaderUsingCache(int cacheHandle,
                                                      String encryptionPolicy)
                                               throws CloudproofException

Generate an encrypted header using a pre-cached Public Key and `Policy`. A symmetric key is randomly generated and encrypted using the provided policy attributes.

Parameters:

cacheHandle - the pointer to the int

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

Returns:

the encrypted header bytes and the encrypted symmetric key

Throws:

CloudproofException - in case of native library error

CloudproofException - in case the Policy and key bytes cannot be recovered from the PublicKey

encryptHeaderUsingCache

public static EncryptedHeader encryptHeaderUsingCache(int cacheHandle,
                                                      String encryptionPolicy,
                                                      byte[] headerMetadata)
                                               throws CloudproofException

Generate an encrypted header using a pre-cached Public Key and `Policy`. A symmetric key is randomly generated and encrypted using the provided policy attributes. The `headerMetadata` is also symmetrically encrypted using this key. The resulting ciphertexts are stored in the encrypted header.

Parameters:

cacheHandle - the pointer to the int

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

headerMetadata - optional additional data to encrypt and add to the header

Returns:

the encrypted header bytes and the encrypted symmetric key

Throws:

CloudproofException - in case of native library error

CloudproofException - in case the Policy and key bytes cannot be recovered from the PublicKey

encryptHeaderUsingCache

public static EncryptedHeader encryptHeaderUsingCache(int cacheHandle,
                                                      String encryptionPolicy,
                                                      byte[] headerMetadata,
                                                      byte[] authenticationData)
                                               throws CloudproofException

Generate an encrypted header using a pre-cached Public Key and `Policy`. A symmetric key is randomly generated and encrypted using the provided policy attributes. The `headerMetadata` is also symmetrically encrypted using this key using the `authenticationData` as AEAD associated data. The resulting ciphertexts are stored in the encrypted header.

Parameters:

cacheHandle - the pointer to the int

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

headerMetadata - optional additional data to encrypt and add to the header

authenticationData - optional data used to authenticate the encryption of the additional data

Returns:

the encrypted header bytes and the encrypted symmetric key

Throws:

CloudproofException - in case of native library error

CloudproofException - in case the Policy and key bytes cannot be recovered from the PublicKey

encryptHeader

public static EncryptedHeader encryptHeader(Policy policy,
                                            byte[] publicKeyBytes,
                                            String encryptionPolicy)
                                     throws CloudproofException

Generate an hybrid encryption header. A symmetric key is randomly generated and encrypted the provided encryption policy.

Parameters:

policy - the policy to use

publicKeyBytes - the ABE public key bytes

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

Returns:

the encrypted header, bytes and symmetric key

Throws:

CloudproofException - in case of native library error

encryptHeader

public static EncryptedHeader encryptHeader(Policy policy,
                                            byte[] publicKeyBytes,
                                            String encryptionPolicy,
                                            byte[] headerMetadata)
                                     throws CloudproofException

Generate an hybrid encryption header. A symmetric key is randomly generated and encrypted the provided encryption policy. The `headerMetadata` is symmetrically encrypted using this key. The resulting ciphertext is appended to the encrypted header.

Parameters:

policy - the policy to use

publicKeyBytes - the ABE public key bytes

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

headerMetadata - the additional data to encrypt and add to the header

Returns:

the encrypted header, bytes and symmetric key

Throws:

CloudproofException - in case of native library error

encryptHeader

public static EncryptedHeader encryptHeader(Policy policy,
                                            byte[] publicKeyBytes,
                                            String encryptionPolicy,
                                            byte[] headerMetadata,
                                            byte[] authenticationData)
                                     throws CloudproofException

Generate an hybrid encryption header. A symmetric key is randomly generated and encrypted the provided encryption policy. The `headerMetadata` is symmetrically encrypted using this key and the `authenticationData` as AEAD associated data. The resulting ciphertext is appended to the encrypted header.

Parameters:

policy - the policy to use

publicKeyBytes - the ABE public key bytes

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

headerMetadata - the additional data to encrypt and add to the header

authenticationData - optional data used to authenticate the encryption of the additional data

Returns:

the encrypted header, bytes and symmetric key

Throws:

CloudproofException - in case of native library error

createDecryptionCache

public static int createDecryptionCache(byte[] userDecryptionKeyBytes)
                                 throws CloudproofException

Create a decryption cache that can be used with decryptHeaderUsingCache(int, byte[], Optional). The cache speeds up the decryption of the header. WARN: the cache MUST be destroyed after use with destroyDecryptionCache(int)

Parameters:

userDecryptionKeyBytes - the public key bytes to cache

Returns:

the cache handle that can be passed to the decryption routine

Throws:

CloudproofException - on Rust lib errors

CloudproofException - in case of other errors

destroyDecryptionCache

public static void destroyDecryptionCache(int cacheHandle)
                                   throws CloudproofException

Destroy the cache created with createDecryptionCache(byte[]).

Parameters:

cacheHandle - the pointer to the cache to destroy

Throws:

CloudproofException - on Rust lib errors

CloudproofException - in case of other errors

decryptHeaderUsingCache

public static DecryptedHeader decryptHeaderUsingCache(int cacheHandle,
                                                      byte[] encryptedHeaderBytes,
                                                      Optional<byte[]> authenticationData)
                                               throws CloudproofException

Decrypt a hybrid header using a cache, recovering the symmetric key. If some header metadata is encrypted in the header, it will be decrypted using the given `authenticatedData`.

Parameters:

cacheHandle - the cache to the user decryption key

encryptedHeaderBytes - the encrypted header

authenticationData - optional data used to authenticate the encryption of the additional data

Returns:

The decrypted header: symmetric key, uid and additional data

Throws:

CloudproofException - in case of native library error

decryptHeader

public static DecryptedHeader decryptHeader(byte[] userDecryptionKeyBytes,
                                            byte[] encryptedHeaderBytes,
                                            Optional<byte[]> authenticationData)
                                     throws CloudproofException

Decrypt a hybrid header using a cache, recovering the symmetric key. If some header metadata is encrypted in the header, it will be decrypted using the given `authenticatedData`.

Parameters:

userDecryptionKeyBytes - the ABE user decryption key bytes

encryptedHeaderBytes - the encrypted header

authenticationData - optional data used to authenticate the encryption of the additional data

Returns:

The decrypted header: symmetric key, uid and additional data

Throws:

CloudproofException - in case of native library error

symmetricEncryptionOverhead

public static int symmetricEncryptionOverhead()

The overhead in bytes (over the clear text) generated by the symmetric encryption scheme (AES 256 GCM)

Returns:

the overhead bytes

encryptBlock

public static byte[] encryptBlock(byte[] symmetricKey,
                                  Optional<byte[]> authenticationData,
                                  byte[] clearText)
                           throws CloudproofException

Symmetrically encrypt a block of clear text data. Use the `authenticationData` as AEAD additional data if it is given.

Parameters:

symmetricKey - The key to use to symmetrically encrypt the block

authenticationData - The associated Data used to authenticate the symmetric encryption

clearText - the clear text to encrypt

Returns:

the encrypted block

Throws:

CloudproofException - in case of native library error

decryptBlock

public static byte[] decryptBlock(byte[] symmetricKey,
                                  Optional<byte[]> authenticationData,
                                  byte[] encryptedBytes)
                           throws CloudproofException

Symmetrically decrypt a block of encrypted data. Use the `authenticationData` as AEAD additional data if it is given.

Parameters:

symmetricKey - the symmetric key to use

authenticationData - The associated Data used to authenticate the symmetric encryption

encryptedBytes - the encrypted block bytes

Returns:

the clear text bytes

Throws:

CloudproofException - in case of native library error

generateMasterKeys

public static MasterKeys generateMasterKeys(Policy policy)
                                     throws CloudproofException

Generate the master private and public keys using the ABE policy

Parameters:

policy - the policy to use

Returns:

the master private and public keys in raw bytes

Throws:

CloudproofException - in case of native library error

generateUserPrivateKey

public static byte[] generateUserPrivateKey(byte[] masterPrivateKey,
                                            String userPolicy,
                                            Policy policy)
                                     throws CloudproofException

Generate the user private key.

Parameters:

masterPrivateKey - the master private key in bytes

userPolicy - the access policy of the user private key as a JSON version of an AccessPolicy instance

policy - the ABE policy

Returns:

the corresponding user private key

Throws:

CloudproofException - in case of native library error

encrypt

public static byte[] encrypt(Policy policy,
                             byte[] publicKeyBytes,
                             String encryptionPolicy,
                             byte[] plaintext,
                             Optional<byte[]> authenticationData,
                             Optional<byte[]> headerMetadata)
                      throws CloudproofException

Generate an hybrid encryption of a plaintext. If provided, the `headerMetadata` is symmetrically encrypted and appended to the encrypted header. If provided the `authenticationData` is used as AEAD associated data.

Parameters:

policy - the policy to use

publicKeyBytes - the public key bytes

encryptionPolicy - the encryption policy that determines the partitions to encrypt for

plaintext - the plaintext to encrypt

authenticationData - optional data used to authenticate the symmetric encryption

headerMetadata - the additional data to encrypt and add to the header

Returns:

the ciphertext

Throws:

CloudproofException - in case of native library error

decrypt

public static DecryptedData decrypt(byte[] userDecryptionKeyBytes,
                                    byte[] ciphertext,
                                    Optional<byte[]> authenticationData)
                             throws CloudproofException

Decrypt a hybrid encryption. If provided, the `authenticationData` is used as AEAD associated data.

Parameters:

userDecryptionKeyBytes - the ABE user decryption key bytes

ciphertext - the ciphertext to decrypt

authenticationData - optional data used to authenticate the symmetric encryption

Returns:

the DecryptedData containing the plaintext and optional header metadata

Throws:

CloudproofException - in case of native library error