com.amazonaws.encryptionsdk.model

Class CiphertextHeaders

java.lang.Object

com.amazonaws.encryptionsdk.model.CiphertextHeaders

Direct Known Subclasses:

ParsedCiphertext

public class CiphertextHeaders
extends Object

This class implements the headers for the message (ciphertext) produced by this library. These headers are parsed and used when the ciphertext is decrypted.

See https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html for a detailed description of the fields that make up the encrypted message header.

It is important to note that all but the last two header fields are checked for their integrity during decryption using AES-GCM with the nonce and MAC tag values supplied in the last two fields of the header.

Field Summary

Fields

Modifier and Type	Field and Description
static int	NO_MAX_ENCRYPTED_DATA_KEYS When passed as maxEncryptedDataKeys, indicates that no maximum should be enforced (i.e., any number of EDKs are allowed).

Constructor Summary

Constructors

Constructor and Description
CiphertextHeaders() Default constructor.
CiphertextHeaders(byte version, CiphertextType type, CryptoAlgorithm cryptoAlgo, byte[] encryptionContext, List<KeyBlob> keyBlobs, ContentType contentType, int frameSize) Deprecated. CiphertextHeaders(CiphertextType, CryptoAlgorithm, byte[], List, ContentType, int)
CiphertextHeaders(CiphertextType type, CryptoAlgorithm cryptoAlgo, byte[] encryptionContext, List<KeyBlob> keyBlobs, ContentType contentType, int frameSize) Construct the ciphertext headers using the provided values.

Method Summary

Modifier and Type	Method and Description
int	deserialize(byte[] b, int off) Deserialize the provided bytes starting at the specified offset to construct an instance of this class.
int	deserialize(byte[] b, int off, int maxEncryptedDataKeys) Deserialize the provided bytes starting at the specified offset to construct an instance of this class.
ContentType	getContentType() Return the content type set in the header.
CryptoAlgorithm	getCryptoAlgoId() Return the crypto algorithm identifier set in the header.
int	getEncryptedKeyBlobCount() Return the count of the encrypted key blobs set in the header.
List<KeyBlob>	getEncryptedKeyBlobs() Return the encrypted key blobs set in the header.
byte[]	getEncryptionContext() Return the encryption context set in the header.
int	getEncryptionContextLen() Return the length of the encryption context set in the header.
Map<String,String>	getEncryptionContextMap()
int	getFrameLength() Return the length of the frame set in the header.
byte[]	getHeaderNonce() Return the header nonce set in the header.
byte[]	getHeaderTag() Return the header tag set in the header.
byte[]	getMessageId() Return the message identifier set in the header.
short	getNonceLength() Return the length of the nonce set in the header.
byte[]	getSuiteData() Return suite specific data.
CiphertextType	getType() Return the type set in the header.
byte	getVersion() Return the version set in the header.
Boolean	isComplete() Check if this object has all the header fields populated and available for reading.
byte[]	serializeAuthenticatedFields() Serialize the header fields into a byte array.
void	setHeaderNonce(byte[] headerNonce) Set the header nonce to use for authenticating the header data.
void	setHeaderTag(byte[] headerTag) Set the header tag to use for authenticating the header data.
void	setSuiteData(byte[] suiteData) Sets suite specific data
byte[]	toByteArray() Serialize the header fields into a byte array.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NO_MAX_ENCRYPTED_DATA_KEYS

public static final int NO_MAX_ENCRYPTED_DATA_KEYS

When passed as maxEncryptedDataKeys, indicates that no maximum should be enforced (i.e., any number of EDKs are allowed).

See Also:

Constant Field Values

Constructor Detail

CiphertextHeaders

public CiphertextHeaders()

Default constructor.

CiphertextHeaders

@Deprecated
public CiphertextHeaders(byte version,
                                     CiphertextType type,
                                     CryptoAlgorithm cryptoAlgo,
                                     byte[] encryptionContext,
                                     List<KeyBlob> keyBlobs,
                                     ContentType contentType,
                                     int frameSize)

Deprecated. CiphertextHeaders(CiphertextType, CryptoAlgorithm, byte[], List, ContentType, int)

Construct the ciphertext headers using the provided values.

Parameters:

version - the version to set in the header.

type - the type to set in the header.

cryptoAlgo - the CryptoAlgorithm enum to encode in the header.

encryptionContext - the bytes containing the encryption context to set in the header.

keyBlobs - list of keyBlobs containing the key provider id, key provider info, and encrypted data key to encode in the header.

contentType - the content type to set in the header.

frameSize - the frame payload size to set in the header.

CiphertextHeaders

public CiphertextHeaders(CiphertextType type,
                         CryptoAlgorithm cryptoAlgo,
                         byte[] encryptionContext,
                         List<KeyBlob> keyBlobs,
                         ContentType contentType,
                         int frameSize)

Construct the ciphertext headers using the provided values.

Parameters:

type - the type to set in the header.

cryptoAlgo - the CryptoAlgorithm enum to encode in the header.

encryptionContext - the bytes containing the encryption context to set in the header.

keyBlobs - list of keyBlobs containing the key provider id, key provider info, and encrypted data key to encode in the header.

contentType - the content type to set in the header.

frameSize - the frame payload size to set in the header.

Method Detail

isComplete

public Boolean isComplete()

Check if this object has all the header fields populated and available for reading.

Returns:

true if this object containing the single block header fields is complete; false otherwise.

deserialize

public int deserialize(byte[] b,
                       int off)
                throws ParseException

Deserialize the provided bytes starting at the specified offset to construct an instance of this class. Uses the default value for maxEncryptedDataKeys, which results in no limit.

This method parses the provided bytes for the individual fields in this class. This method also supports partial parsing where not all the bytes required for parsing the fields successfully are available.

Parameters:

b - the byte array to deserialize.

off - the offset in the byte array to use for deserialization.

Returns:

the number of bytes consumed in deserialization.

Throws:

ParseException

deserialize

public int deserialize(byte[] b,
                       int off,
                       int maxEncryptedDataKeys)
                throws ParseException

Deserialize the provided bytes starting at the specified offset to construct an instance of this class.

This method parses the provided bytes for the individual fields in this class. This method also supports partial parsing where not all the bytes required for parsing the fields successfully are available.

Parameters:

b - the byte array to deserialize.

off - the offset in the byte array to use for deserialization.

maxEncryptedDataKeys - the maximum number of EDKs to deserialize; zero indicates no maximum

Returns:

the number of bytes consumed in deserialization.

Throws:

ParseException

serializeAuthenticatedFields

public byte[] serializeAuthenticatedFields()

Serialize the header fields into a byte array. Note this method does not serialize the header nonce and tag.

Returns:

the serialized bytes of the header fields not including the header nonce and tag.

toByteArray

public byte[] toByteArray()

Serialize the header fields into a byte array. This method serializes all the header fields including the header nonce and tag.

Returns:

the serialized bytes of the entire header.

getVersion

public byte getVersion()

Return the version set in the header.

Returns:

the byte value representing the version.

getType

public CiphertextType getType()

Return the type set in the header.

Returns:

the CiphertextType enum value representing the type set in the header.

getCryptoAlgoId

public CryptoAlgorithm getCryptoAlgoId()

Return the crypto algorithm identifier set in the header.

Returns:

the CryptoAlgorithm enum value representing the identifier set in the header.

getEncryptionContextLen

public int getEncryptionContextLen()

Return the length of the encryption context set in the header.

Returns:

the length of the encryption context set in the header.

getEncryptionContext

public byte[] getEncryptionContext()

Return the encryption context set in the header.

Returns:

the bytes containing encryption context set in the header.

getEncryptionContextMap

public Map<String,String> getEncryptionContextMap()

getEncryptedKeyBlobCount

public int getEncryptedKeyBlobCount()

Return the count of the encrypted key blobs set in the header.

Returns:

the count of the encrypted key blobs set in the header.

getEncryptedKeyBlobs

public List<KeyBlob> getEncryptedKeyBlobs()

Return the encrypted key blobs set in the header.

Returns:

the KeyBlob objects representing the key blobs set in the header.

getContentType

public ContentType getContentType()

Return the content type set in the header.

Returns:

the ContentType enum value representing the content type set in the header.

getMessageId

public byte[] getMessageId()

Return the message identifier set in the header.

Returns:

the bytes containing the message identifier set in the header.

getNonceLength

public short getNonceLength()

Return the length of the nonce set in the header.

Returns:

the length of the nonce set in the header.

getFrameLength

public int getFrameLength()

Return the length of the frame set in the header.

Returns:

the length of the frame set in the header.

getHeaderNonce

public byte[] getHeaderNonce()

Return the header nonce set in the header.

Returns:

the bytes containing the header nonce set in the header.

getHeaderTag

public byte[] getHeaderTag()

Return the header tag set in the header.

Returns:

the header tag set in the header.

setHeaderNonce

public void setHeaderNonce(byte[] headerNonce)

Set the header nonce to use for authenticating the header data.

Parameters:

headerNonce - the header nonce to use.

setHeaderTag

public void setHeaderTag(byte[] headerTag)

Set the header tag to use for authenticating the header data.

Parameters:

headerTag - the header tag to use.

getSuiteData

public byte[] getSuiteData()

Return suite specific data.

Returns:

suiteData

setSuiteData

public void setSuiteData(byte[] suiteData)

Sets suite specific data

Parameters:

suiteData -