port NAC to security v2
This commit is based on Lei Pi's commit, which changed certificate version from v1 to v2.
The later changes fix some bugs and refactor algo part of the library to get rid of cryptopp.
Change-Id: I3be7e0341fe85ee69f1b5f1c3ed7421a6c61d0b5
diff --git a/src/algo/aes.cpp b/src/algo/aes.cpp
index 6a7d2e0..c71946b 100644
--- a/src/algo/aes.cpp
+++ b/src/algo/aes.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of gep (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of gep authors and contributors.
@@ -17,32 +17,27 @@
* gep, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*/
-#include <ndn-cxx/encoding/buffer-stream.hpp>
#include "aes.hpp"
#include "error.hpp"
+#include <openssl/rand.h>
+#include <ndn-cxx/encoding/buffer-stream.hpp>
+#include <ndn-cxx/security/transform/buffer-source.hpp>
+#include <ndn-cxx/security/transform/stream-sink.hpp>
namespace ndn {
namespace gep {
namespace algo {
-using namespace CryptoPP;
-
-static Buffer
-transform(CipherModeBase* cipher, const uint8_t* data, size_t dataLen)
-{
- OBufferStream obuf;
- StringSource pipe(data, dataLen, true,
- new StreamTransformationFilter(*cipher, new FileSink(obuf)));
- return *(obuf.buf());
-}
-
DecryptKey<Aes>
-Aes::generateKey(RandomNumberGenerator& rng, AesKeyParams& params)
+Aes::generateKey(AesKeyParams& params)
{
- SecByteBlock key(0x00, params.getKeySize() >> 3); // Converting key bit-size to byte-size.
- rng.GenerateBlock(key.data(), key.size());
+ uint8_t key[32];
- DecryptKey<Aes> decryptKey(Buffer(key.data(), key.size()));
+ int result = RAND_bytes(key, sizeof(key));
+ if (result != 1) {
+ BOOST_THROW_EXCEPTION(Error("Cannot generate 32 bytes random AES key"));
+ }
+ DecryptKey<Aes> decryptKey(Buffer(key, sizeof(key)));
return decryptKey;
}
@@ -59,22 +54,19 @@
const uint8_t* payload, size_t payloadLen,
const EncryptParams& params)
{
- switch (params.getAlgorithmType()) {
- case tlv::AlgorithmAesEcb: {
- ECB_Mode<AES>::Decryption ecbDecryption(key, keyLen);
- return transform(&ecbDecryption, payload, payloadLen);
- }
- case tlv::AlgorithmAesCbc: {
- const Buffer& initVector = params.getIV();
- if (initVector.size() != static_cast<size_t>(AES::BLOCKSIZE))
- throw Error("incorrect initial vector size");
-
- CBC_Mode<AES>::Decryption cbcDecryption(key, keyLen, initVector.get());
- return transform(&cbcDecryption, payload, payloadLen);
- }
- default:
- throw Error("unsupported encryption mode");
+ if (params.getAlgorithmType() != tlv::AlgorithmAesCbc) {
+ BOOST_THROW_EXCEPTION(Error("unsupported AES decryption mode"));
}
+
+ const Buffer& initVector = params.getIV();
+ OBufferStream os;
+ security::transform::bufferSource(payload, payloadLen)
+ >> security::transform::blockCipher(BlockCipherAlgorithm::AES_CBC, CipherOperator::DECRYPT,
+ key, keyLen, initVector.data(), initVector.size())
+ >> security::transform::streamSink(os);
+
+ auto result = os.buf();
+ return *result;
}
Buffer
@@ -82,22 +74,20 @@
const uint8_t* payload, size_t payloadLen,
const EncryptParams& params)
{
- switch (params.getAlgorithmType()) {
- case tlv::AlgorithmAesEcb: {
- ECB_Mode<AES>::Encryption ecbEncryption(key, keyLen);
- return transform(&ecbEncryption, payload, payloadLen);
- }
- case tlv::AlgorithmAesCbc: {
- const Buffer& initVector = params.getIV();
- if (initVector.size() != static_cast<size_t>(AES::BLOCKSIZE))
- throw Error("incorrect initial vector size");
-
- CBC_Mode<AES>::Encryption cbcEncryption(key, keyLen, initVector.get());
- return transform(&cbcEncryption, payload, payloadLen);
- }
- default:
- throw Error("unsupported encryption mode");
+ if (params.getAlgorithmType() != tlv::AlgorithmAesCbc) {
+ BOOST_THROW_EXCEPTION(Error("unsupported AES decryption mode"));
}
+
+ const Buffer& initVector = params.getIV();
+ OBufferStream os;
+ security::transform::bufferSource(payload, payloadLen)
+ >> security::transform::blockCipher(BlockCipherAlgorithm::AES_CBC,
+ CipherOperator::ENCRYPT,
+ key, keyLen, initVector.data(), initVector.size())
+ >> security::transform::streamSink(os);
+
+ auto result = os.buf();
+ return *result;
}
} // namespace algo
diff --git a/src/algo/aes.hpp b/src/algo/aes.hpp
index e4363bf..d0fbabd 100644
--- a/src/algo/aes.hpp
+++ b/src/algo/aes.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of gep (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of gep authors and contributors.
@@ -20,11 +20,11 @@
#ifndef NDN_GEP_ALGO_AES_HPP
#define NDN_GEP_ALGO_AES_HPP
-#include <ndn-cxx/security/key-params.hpp>
-#include "../random-number-generator.hpp"
+#include "common.hpp"
#include "encrypt-params.hpp"
#include "../decrypt-key.hpp"
-
+#include <ndn-cxx/security/transform/block-cipher.hpp>
+#include <ndn-cxx/security/key-params.hpp>
namespace ndn {
namespace gep {
@@ -34,7 +34,7 @@
{
public:
static DecryptKey<Aes>
- generateKey(RandomNumberGenerator& rng, AesKeyParams& params);
+ generateKey(AesKeyParams& params);
static EncryptKey<Aes>
deriveEncryptKey(const Buffer& keyBits);
@@ -57,4 +57,4 @@
} // namespace gep
} // namespace ndn
-#endif // NDN_GEP_ALGO_AES_ECB_HPP
+#endif // NDN_GEP_ALGO_AES_HPP
diff --git a/src/algo/encrypt-params.cpp b/src/algo/encrypt-params.cpp
index dd2afcf..91b5588 100644
--- a/src/algo/encrypt-params.cpp
+++ b/src/algo/encrypt-params.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of gep (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of gep authors and contributors.
@@ -17,8 +17,9 @@
* gep, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*/
-#include "../random-number-generator.hpp"
#include "encrypt-params.hpp"
+#include "error.hpp"
+#include <openssl/rand.h>
namespace ndn {
namespace gep {
@@ -27,10 +28,12 @@
EncryptParams::EncryptParams(tlv::AlgorithmTypeValue algorithm, uint8_t ivLength)
: m_algo(algorithm)
{
- if (ivLength != 0){
- RandomNumberGenerator rng;
+ if (ivLength != 0) {
m_iv.resize(ivLength);
- rng.GenerateBlock(m_iv.buf(), m_iv.size());
+ int result = RAND_bytes(m_iv.data(), m_iv.size());
+ if (result != 1) {
+ BOOST_THROW_EXCEPTION(Error("Cannot generate random IV"));
+ }
}
}
diff --git a/src/algo/encrypt-params.hpp b/src/algo/encrypt-params.hpp
index 0aa03b2..030f443 100644
--- a/src/algo/encrypt-params.hpp
+++ b/src/algo/encrypt-params.hpp
@@ -1,8 +1,27 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2018, Regents of the University of California
+ *
+ * This file is part of gep (Group-based Encryption Protocol for NDN).
+ * See AUTHORS.md for complete list of gep authors and contributors.
+ *
+ * gep is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * gep is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * gep, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
#ifndef NDN_GEP_ENCRYPT_PARAMS_HPP
#define NDN_GEP_ENCRYPT_PARAMS_HPP
-#include <ndn-cxx/encoding/buffer-stream.hpp>
#include "../tlv.hpp"
+#include <ndn-cxx/encoding/buffer-stream.hpp>
namespace ndn {
namespace gep {
diff --git a/src/algo/encryptor.cpp b/src/algo/encryptor.cpp
index 68b0d82..c9f7745 100644
--- a/src/algo/encryptor.cpp
+++ b/src/algo/encryptor.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -18,19 +18,16 @@
*/
#include "encryptor.hpp"
-#include "../random-number-generator.hpp"
-#include "../encrypted-content.hpp"
#include "aes.hpp"
#include "rsa.hpp"
-
+#include "../encrypted-content.hpp"
#include "error.hpp"
+#include <openssl/rand.h>
namespace ndn {
namespace gep {
namespace algo {
-using namespace CryptoPP;
-
/**
* @brief Helper method for symmetric encryption
*
@@ -39,27 +36,28 @@
* @return An EncryptedContent
*/
static EncryptedContent
-encryptSymmetric(const uint8_t* payload, size_t payloadLen,
- const uint8_t* key, size_t keyLen,
- const Name& keyName, const EncryptParams& params)
+encryptSymmetric(const uint8_t* payload,
+ size_t payloadLen,
+ const uint8_t* key,
+ size_t keyLen,
+ const Name& keyName,
+ const EncryptParams& params)
{
tlv::AlgorithmTypeValue algType = params.getAlgorithmType();
const Buffer& iv = params.getIV();
KeyLocator keyLocator(keyName);
switch (algType) {
- case tlv::AlgorithmAesEcb: {
- const Buffer& encryptedPayload = Aes::encrypt(key, keyLen, payload, payloadLen, params);
- return EncryptedContent(algType, keyLocator, encryptedPayload.buf(), encryptedPayload.size(), iv.buf(), iv.size());
- }
case tlv::AlgorithmAesCbc: {
- BOOST_ASSERT(iv.size() == static_cast<size_t>(AES::BLOCKSIZE));
const Buffer& encryptedPayload = Aes::encrypt(key, keyLen, payload, payloadLen, params);
- return EncryptedContent(algType, keyLocator, encryptedPayload.buf(), encryptedPayload.size(), iv.buf(), iv.size());
+ return EncryptedContent(algType, keyLocator,
+ encryptedPayload.data(),
+ encryptedPayload.size(),
+ iv.data(), iv.size());
}
default: {
BOOST_ASSERT(false);
- throw algo::Error("Unsupported encryption method");
+ BOOST_THROW_EXCEPTION(algo::Error("Unsupported encryption method"));
}
}
}
@@ -75,7 +73,8 @@
static EncryptedContent
encryptAsymmetric(const uint8_t* payload, size_t payloadLen,
const uint8_t* key, size_t keyLen,
- const Name& keyName, const EncryptParams& params)
+ const Name& keyName,
+ const EncryptParams& params)
{
tlv::AlgorithmTypeValue algType = params.getAlgorithmType();
KeyLocator keyLocator(keyName);
@@ -83,12 +82,12 @@
switch (algType) {
case tlv::AlgorithmRsaPkcs:
case tlv::AlgorithmRsaOaep: {
- Buffer encryptedPayload = Rsa::encrypt(key, keyLen, payload, payloadLen, params);
- return EncryptedContent(algType, keyLocator, encryptedPayload.buf(), encryptedPayload.size());
+ Buffer encryptedPayload = Rsa::encrypt(key, keyLen, payload, payloadLen);
+ return EncryptedContent(algType, keyLocator, encryptedPayload.data(), encryptedPayload.size());
}
default: {
BOOST_ASSERT(false);
- throw algo::Error("Unsupported encryption method");
+ BOOST_THROW_EXCEPTION(algo::Error("Unsupported encryption method"));
}
}
}
@@ -101,39 +100,33 @@
Name dataName = data.getName();
dataName.append(NAME_COMPONENT_FOR).append(keyName);
data.setName(dataName);
- switch(params.getAlgorithmType()) {
+ switch (params.getAlgorithmType()) {
case tlv::AlgorithmAesCbc:
case tlv::AlgorithmAesEcb: {
- const EncryptedContent& content = encryptSymmetric(payload, payloadLen, key, keyLen, keyName, params);
+ const EncryptedContent& content =
+ encryptSymmetric(payload, payloadLen, key, keyLen, keyName, params);
data.setContent(content.wireEncode());
break;
}
case tlv::AlgorithmRsaPkcs:
case tlv::AlgorithmRsaOaep: {
- size_t maxPlaintextLength = 0;
- RSA::PublicKey publicKey;
- ByteQueue keyQueue;
-
- keyQueue.LazyPut(key, keyLen);
- publicKey.Load(keyQueue);
- RSAES_PKCS1v15_Encryptor enc(publicKey);
- maxPlaintextLength = enc.FixedMaxPlaintextLength();
-
- if (maxPlaintextLength < payloadLen) {
- RandomNumberGenerator rng;
- SecByteBlock nonceKey(0x00, 16); // 128 bits key.
- rng.GenerateBlock(nonceKey.data(), nonceKey.size());
+ if (payloadLen > keyLen - 11) {
+ uint8_t nonceKey[16];
+ int result = RAND_bytes(nonceKey, sizeof(nonceKey));
+ if (result != 1) {
+ BOOST_THROW_EXCEPTION(Error("Cannot generate 32 bytes random AES key"));
+ }
Name nonceKeyName(keyName);
nonceKeyName.append("nonce");
- EncryptParams symParams(tlv::AlgorithmAesCbc, AES::BLOCKSIZE);
+ EncryptParams symParams(tlv::AlgorithmAesCbc, 16);
const EncryptedContent& nonceContent =
- encryptSymmetric(payload, payloadLen, nonceKey.data(), nonceKey.size(), nonceKeyName, symParams);
+ encryptSymmetric(payload, payloadLen, nonceKey, sizeof(nonceKey), nonceKeyName, symParams);
const EncryptedContent& payloadContent =
- encryptAsymmetric(nonceKey.data(), nonceKey.size(), key, keyLen, keyName, params);
+ encryptAsymmetric(nonceKey, sizeof(nonceKey), key, keyLen, keyName, params);
Block content(tlv::Content);
content.push_back(payloadContent.wireEncode());
@@ -143,13 +136,14 @@
return;
}
else {
- const EncryptedContent& content = encryptAsymmetric(payload, payloadLen, key, keyLen, keyName, params);
+ const EncryptedContent& content =
+ encryptAsymmetric(payload, payloadLen, key, keyLen, keyName, params);
data.setContent(content.wireEncode());
return;
}
}
default:
- throw algo::Error("Unsupported encryption method");
+ BOOST_THROW_EXCEPTION(algo::Error("Unsupported encryption method"));
}
}
diff --git a/src/algo/encryptor.hpp b/src/algo/encryptor.hpp
index 04556b9..4dde07e 100644
--- a/src/algo/encryptor.hpp
+++ b/src/algo/encryptor.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -20,8 +20,8 @@
#ifndef NDN_ENCRYPTOR_HPP
#define NDN_ENCRYPTOR_HPP
-#include <ndn-cxx/data.hpp>
#include "encrypt-params.hpp"
+#include <ndn-cxx/data.hpp>
namespace ndn {
namespace gep {
@@ -39,8 +39,12 @@
* a nonce in the content of @p data.
*/
void
-encryptData(Data& data, const uint8_t* payload, size_t payloadLen,
- const Name& keyName, const uint8_t* key, size_t keyLen,
+encryptData(Data& data,
+ const uint8_t* payload,
+ size_t payloadLen,
+ const Name& keyName,
+ const uint8_t* key,
+ size_t keyLen,
const EncryptParams& params);
} // namespace algo
diff --git a/src/algo/error.hpp b/src/algo/error.hpp
index 4cb46b1..d9abdb2 100644
--- a/src/algo/error.hpp
+++ b/src/algo/error.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of gep (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of gep authors and contributors.
diff --git a/src/algo/rsa.cpp b/src/algo/rsa.cpp
index f5fe848..85f4498 100644
--- a/src/algo/rsa.cpp
+++ b/src/algo/rsa.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of gep (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of gep authors and contributors.
@@ -17,111 +17,66 @@
* gep, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*/
-#include <ndn-cxx/encoding/buffer-stream.hpp>
#include "rsa.hpp"
#include "error.hpp"
+#include <ndn-cxx/encoding/buffer-stream.hpp>
+#include <ndn-cxx/security/transform/private-key.hpp>
+#include <ndn-cxx/security/transform/public-key.hpp>
namespace ndn {
namespace gep {
namespace algo {
-using namespace CryptoPP;
-
-static Buffer
-transform(SimpleProxyFilter* filter, const uint8_t* data, size_t dataLen)
-{
- OBufferStream obuf;
- filter->Attach(new FileSink(obuf));
-
- StringSource pipe(data, dataLen, true, filter);
- return *(obuf.buf());
-}
-
DecryptKey<Rsa>
-Rsa::generateKey(RandomNumberGenerator& rng, RsaKeyParams& params)
+Rsa::generateKey(RsaKeyParams& params)
{
- RSA::PrivateKey privateKey;
- privateKey.GenerateRandomWithKeySize(rng, params.getKeySize());
+ auto privateKey = security::transform::generatePrivateKey(params);
- OBufferStream obuf;
- privateKey.Save(FileSink(obuf).Ref());
+ OBufferStream os;
+ privateKey->savePkcs1(os);
- DecryptKey<Rsa> decryptKey(std::move(*obuf.buf()));
+ DecryptKey<Rsa> decryptKey(std::move(*os.buf()));
return decryptKey;
}
EncryptKey<Rsa>
Rsa::deriveEncryptKey(const Buffer& keyBits)
{
- RSA::PrivateKey privateKey;
+ security::transform::PrivateKey sKey;
+ sKey.loadPkcs1(keyBits.get<uint8_t>(), keyBits.size());
- ByteQueue keyQueue;
- keyQueue.LazyPut(keyBits.get(), keyBits.size());
- privateKey.Load(keyQueue);
+ ConstBufferPtr pKeyBits = sKey.derivePublicKey();
+ security::transform::PublicKey pKey;
+ pKey.loadPkcs8(pKeyBits->data(), pKeyBits->size());
- RSA::PublicKey publicKey(privateKey);
+ OBufferStream os;
+ pKey.savePkcs8(os);
- OBufferStream obuf;
- publicKey.Save(FileSink(obuf).Ref());
-
- EncryptKey<Rsa> encryptKey(std::move(*obuf.buf()));
+ EncryptKey<Rsa> encryptKey(std::move(*os.buf()));
return encryptKey;
}
Buffer
Rsa::decrypt(const uint8_t* key, size_t keyLen,
- const uint8_t* payload, size_t payloadLen,
- const EncryptParams& params)
+ const uint8_t* payload, size_t payloadLen)
{
- AutoSeededRandomPool rng;
- RSA::PrivateKey privateKey;
- ByteQueue keyQueue;
- keyQueue.LazyPut(key, keyLen);
- privateKey.Load(keyQueue);
+ security::transform::PrivateKey sKey;
+ sKey.loadPkcs1(key, keyLen);
- switch (params.getAlgorithmType()) {
- case tlv::AlgorithmRsaPkcs: {
- RSAES_PKCS1v15_Decryptor decryptor_pkcs1v15(privateKey);
- PK_DecryptorFilter* filter_pkcs1v15 = new PK_DecryptorFilter(rng, decryptor_pkcs1v15);
- return transform(filter_pkcs1v15, payload, payloadLen);
- }
- case tlv::AlgorithmRsaOaep: {
- RSAES_OAEP_SHA_Decryptor decryptor_oaep_sha(privateKey);
- PK_DecryptorFilter* filter_oaep_sha = new PK_DecryptorFilter(rng, decryptor_oaep_sha);
- return transform(filter_oaep_sha, payload, payloadLen);
- }
- default:
- throw Error("unsupported padding scheme");
- }
+ auto decrypted = sKey.decrypt(payload, payloadLen);
+ return *decrypted;
}
Buffer
Rsa::encrypt(const uint8_t* key, size_t keyLen,
- const uint8_t* payload, size_t payloadLen,
- const EncryptParams& params)
+ const uint8_t* payload, size_t payloadLen)
{
- AutoSeededRandomPool rng;
- RSA::PublicKey publicKey;
+ security::transform::PublicKey pKey;
+ pKey.loadPkcs8(key, keyLen);
- ByteQueue keyQueue;
- keyQueue.LazyPut(key, keyLen);
- publicKey.Load(keyQueue);
-
- switch (params.getAlgorithmType()) {
- case tlv::AlgorithmRsaPkcs: {
- RSAES_PKCS1v15_Encryptor encryptor_pkcs1v15(publicKey);
- PK_EncryptorFilter* filter_pkcs1v15 = new PK_EncryptorFilter(rng, encryptor_pkcs1v15);
- return transform(filter_pkcs1v15, payload, payloadLen);
- }
- case tlv::AlgorithmRsaOaep: {
- RSAES_OAEP_SHA_Encryptor encryptor_oaep_sha(publicKey);
- PK_EncryptorFilter* filter_oaep_sha = new PK_EncryptorFilter(rng, encryptor_oaep_sha);
- return transform(filter_oaep_sha, payload, payloadLen);
- }
- default:
- throw Error("unsupported padding scheme");
- }
+ auto cipherText = pKey.encrypt(payload, payloadLen);
+ return *cipherText;
}
} // namespace algo
diff --git a/src/algo/rsa.hpp b/src/algo/rsa.hpp
index 3e64688..db44474 100644
--- a/src/algo/rsa.hpp
+++ b/src/algo/rsa.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of gep (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of gep authors and contributors.
@@ -20,10 +20,9 @@
#ifndef NDN_GEP_ALGO_RSA_HPP
#define NDN_GEP_ALGO_RSA_HPP
-#include <ndn-cxx/security/key-params.hpp>
-#include "../random-number-generator.hpp"
#include "encrypt-params.hpp"
#include "../decrypt-key.hpp"
+#include <ndn-cxx/security/key-params.hpp>
namespace ndn {
namespace gep {
@@ -33,20 +32,18 @@
{
public:
static DecryptKey<Rsa>
- generateKey(RandomNumberGenerator& rng, RsaKeyParams& params);
+ generateKey(RsaKeyParams& params);
static EncryptKey<Rsa>
deriveEncryptKey(const Buffer& keyBits);
static Buffer
decrypt(const uint8_t* key, size_t keyLen,
- const uint8_t* payload, size_t payloadLen,
- const EncryptParams& params);
+ const uint8_t* payload, size_t payloadLen);
static Buffer
encrypt(const uint8_t* key, size_t keyLen,
- const uint8_t* payload, size_t payloadLen,
- const EncryptParams& params);
+ const uint8_t* payload, size_t payloadLen);
};
typedef DecryptKey<Rsa> RsaPrivateKey;
diff --git a/src/common.hpp b/src/common.hpp
index 8844b72..14bca91 100644
--- a/src/common.hpp
+++ b/src/common.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -46,16 +46,22 @@
#include <cstddef>
#include <list>
#include <map>
-#include <set>
#include <queue>
+#include <set>
#include <unordered_map>
#include <unordered_set>
#include <vector>
#include <ndn-cxx/common.hpp>
-#include <ndn-cxx/interest.hpp>
#include <ndn-cxx/data.hpp>
+#include <ndn-cxx/interest.hpp>
#include <ndn-cxx/util/signal.hpp>
+#include <ndn-cxx/link.hpp>
+
+#include <ndn-cxx/security/v2/validation-callback.hpp>
+#include <ndn-cxx/security/v2/validation-error.hpp>
+#include <ndn-cxx/security/v2/validator.hpp>
+#include <ndn-cxx/security/validator-null.hpp>
#include <boost/algorithm/string.hpp>
#include <boost/asio.hpp>
@@ -93,6 +99,13 @@
using ndn::Exclude;
using ndn::Block;
+using security::v2::Certificate;
+using ndn::security::v2::Validator;
+using ndn::security::ValidatorNull;
+using security::v2::DataValidationSuccessCallback;
+using security::v2::DataValidationFailureCallback;
+using security::v2::ValidationError;
+
namespace tlv {
using namespace ndn::tlv;
} // namespace tlv
diff --git a/src/consumer-db.cpp b/src/consumer-db.cpp
index e2898ac..661ab04 100644
--- a/src/consumer-db.cpp
+++ b/src/consumer-db.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -16,29 +16,29 @@
* You should have received a copy of the GNU General Public License along with
* ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
*/
#include "consumer-db.hpp"
-
-#include <sqlite3.h>
-#include <boost/filesystem.hpp>
#include <ndn-cxx/util/sqlite3-statement.hpp>
+#include <boost/filesystem.hpp>
+#include <sqlite3.h>
namespace ndn {
namespace gep {
using util::Sqlite3Statement;
-static const std::string INITIALIZATION =
- "CREATE TABLE IF NOT EXISTS \n"
- " decryptionkeys( \n"
- " key_id INTEGER PRIMARY KEY, \n"
- " key_name BLOB NOT NULL, \n"
- " key_buf BLOB NOT NULL \n"
- " ); \n"
- "CREATE UNIQUE INDEX IF NOT EXISTS \n"
- " KeyNameIndex ON decryptionkeys(key_name); \n";
+static const std::string INITIALIZATION = R"_DBTEXT_(
+CREATE TABLE IF NOT EXISTS
+ decryptionkeys(
+ key_id INTEGER PRIMARY KEY,
+ key_name BLOB NOT NULL,
+ key_buf BLOB NOT NULL
+ );
+CREATE UNIQUE INDEX IF NOT EXISTS
+ KeyNameIndex ON decryptionkeys(key_name);
+)_DBTEXT_";
class ConsumerDB::Impl
{
@@ -47,14 +47,10 @@
{
// open Database
- int result = sqlite3_open_v2(dbPath.c_str(), &m_database,
+ int result = sqlite3_open_v2(dbPath.c_str(),
+ &m_database,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,
-#ifdef NDN_CXX_DISABLE_SQLITE3_FS_LOCKING
- "unix-dotfile"
-#else
- nullptr
-#endif
- );
+ nullptr);
if (result != SQLITE_OK)
BOOST_THROW_EXCEPTION(Error("GroupManager DB cannot be opened/created: " + dbPath));
@@ -89,8 +85,8 @@
ConsumerDB::getKey(const Name& keyName) const
{
Sqlite3Statement statement(m_impl->m_database,
- "SELECT key_buf FROM decryptionkeys\
- WHERE key_name=?");
+ R"_DBTEXT_(SELECT key_buf FROM decryptionkeys
+ WHERE key_name=?)_DBTEXT_");
statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
Buffer result;
@@ -104,10 +100,10 @@
ConsumerDB::addKey(const Name& keyName, const Buffer& keyBuf)
{
Sqlite3Statement statement(m_impl->m_database,
- "INSERT INTO decryptionkeys(key_name, key_buf)\
- values (?, ?)");
+ R"_DBTEXT_(INSERT INTO decryptionkeys(key_name, key_buf)
+ values (?, ?))_DBTEXT_");
statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
- statement.bind(2, keyBuf.buf(), keyBuf.size(), SQLITE_TRANSIENT);
+ statement.bind(2, keyBuf.data(), keyBuf.size(), SQLITE_TRANSIENT);
if (statement.step() != SQLITE_DONE)
BOOST_THROW_EXCEPTION(Error("Cannot add the key to database"));
@@ -117,7 +113,7 @@
ConsumerDB::deleteKey(const Name& keyName)
{
Sqlite3Statement statement(m_impl->m_database,
- "DELETE FROM decryptionkeys WHERE key_name=?");
+ R"_DBTEXT_(DELETE FROM decryptionkeys WHERE key_name=?)_DBTEXT_");
statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
statement.step();
}
diff --git a/src/consumer-db.hpp b/src/consumer-db.hpp
index 61646e8..8500b67 100644
--- a/src/consumer-db.hpp
+++ b/src/consumer-db.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
diff --git a/src/consumer.cpp b/src/consumer.cpp
index 1d0477c..4470089 100644
--- a/src/consumer.cpp
+++ b/src/consumer.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -16,7 +16,7 @@
* You should have received a copy of the GNU General Public License along with
* ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
* @author Yingdi Yu <yingdi@cs.ucla.edu>
*/
@@ -30,7 +30,8 @@
// public
Consumer::Consumer(Face& face,
- const Name& groupName, const Name& consumerName,
+ const Name& groupName,
+ const Name& consumerName,
const std::string& dbPath,
const Link& cKeyLink,
const Link& dKeyLink)
@@ -67,12 +68,11 @@
shared_ptr<Interest> interest = make_shared<Interest>(contentName);
// prepare callback functions
- auto validationCallback =
- [=] (const shared_ptr<const Data>& validData) {
- // decrypt content
- decryptContent(*validData,
- [=] (const Buffer& plainText) { consumptionCallBack(*validData, plainText); },
- errorCallback);
+ auto validationCallback = [=] (const Data& validData) {
+ // decrypt content
+ decryptContent(validData,
+ [=] (const Buffer& plainText) { consumptionCallBack(validData, plainText); },
+ errorCallback);
};
sendInterest(*interest, 1, link, validationCallback, errorCallback);
@@ -93,24 +93,19 @@
case tlv::AlgorithmAesCbc: {
// prepare parameter
algo::EncryptParams decryptParams(tlv::AlgorithmAesCbc);
- decryptParams.setIV(encryptedContent.getInitialVector().buf(),
+ decryptParams.setIV(encryptedContent.getInitialVector().data(),
encryptedContent.getInitialVector().size());
// decrypt content
- Buffer content = algo::Aes::decrypt(keyBits.buf(), keyBits.size(),
- payload.buf(), payload.size(),
- decryptParams);
+ Buffer content = algo::Aes::decrypt(keyBits.data(), keyBits.size(),
+ payload.data(), payload.size(), decryptParams);
plainTextCallBack(content);
break;
}
case tlv::AlgorithmRsaOaep: {
- // prepare parameter
- algo::EncryptParams decryptParams(tlv::AlgorithmRsaOaep);
-
// decrypt content
- Buffer content = algo::Rsa::decrypt(keyBits.buf(), keyBits.size(),
- payload.buf(), payload.size(),
- decryptParams);
+ Buffer content = algo::Rsa::decrypt(keyBits.data(), keyBits.size(),
+ payload.data(), payload.size());
plainTextCallBack(content);
break;
}
@@ -143,10 +138,9 @@
shared_ptr<Interest> interest = make_shared<Interest>(interestName);
// prepare callback functions
- auto validationCallback =
- [=] (const shared_ptr<const Data>& validCKeyData) {
+ DataValidationSuccessCallback validationCallback = [=] (const Data& validCKeyData) {
// decrypt content
- decryptCKey(*validCKeyData,
+ decryptCKey(validCKeyData,
[=] (const Buffer& cKeyBits) {
decrypt(encryptedContent, cKeyBits, plainTextCallBack, errorCallback);
this->m_cKeyMap.insert(std::make_pair(cKeyName, cKeyBits));
@@ -183,10 +177,9 @@
shared_ptr<Interest> interest = make_shared<Interest>(interestName);
// prepare callback functions
- auto validationCallback =
- [=] (const shared_ptr<const Data>& validDKeyData) {
+ DataValidationSuccessCallback validationCallback = [=] (const Data& validDKeyData) {
// decrypt content
- decryptDKey(*validDKeyData,
+ decryptDKey(validDKeyData,
[=] (const Buffer& dKeyBits) {
decrypt(cKeyContent, dKeyBits, plainTextCallBack, errorCallback);
this->m_dKeyMap.insert(std::make_pair(dKeyName, dKeyBits));
@@ -219,8 +212,7 @@
// get consumer decryption key
Buffer consumerKeyBuf = getDecryptionKey(consumerKeyName);
if (consumerKeyBuf.empty()) {
- errorCallback(ErrorCode::NoDecryptKey,
- "No desired consumer decryption key in database");
+ errorCallback(ErrorCode::NoDecryptKey, "No desired consumer decryption key in database");
return;
}
@@ -229,7 +221,8 @@
Block encryptedPayloadBlock = *it;
// decrypt d-key
- decrypt(encryptedNonceBlock, consumerKeyBuf,
+ decrypt(encryptedNonceBlock,
+ consumerKeyBuf,
[&] (const Buffer& nonceKeyBits) {
decrypt(encryptedPayloadBlock, nonceKeyBits, plainTextCallBack, errorCallback);
},
@@ -243,45 +236,52 @@
}
void
-Consumer::sendInterest(const Interest& interest, int nRetrials,
+Consumer::sendInterest(const Interest& interest,
+ int nRetrials,
const Link& link,
- const OnDataValidated& validationCallback,
+ const DataValidationSuccessCallback& validationCallback,
const ErrorCallBack& errorCallback)
{
auto dataCallback = [=] (const Interest& contentInterest, const Data& contentData) {
if (!contentInterest.matchesData(contentData))
return;
-
- this->m_validator->validate(contentData, validationCallback,
- [=] (const shared_ptr<const Data>& d, const std::string& e) {
- errorCallback(ErrorCode::Validation, e);
- });
+ DataValidationFailureCallback onValidationFailure = [=] (const Data& data,
+ const ValidationError& error) {
+ errorCallback(ErrorCode::Validation, error.getInfo());
+ };
+ this->m_validator->validate(contentData, validationCallback, onValidationFailure);
};
// set link object if it is available
Interest request(interest);
- if (!link.getDelegations().empty()) {
- request.setLink(link.wireEncode());
+ if (!link.getDelegationList().empty()) {
+ request.setForwardingHint(link.getDelegationList());
}
m_face.expressInterest(request, dataCallback,
- std::bind(&Consumer::handleNack, this, _1, _2,
- link, validationCallback, errorCallback),
- std::bind(&Consumer::handleTimeout, this, _1, nRetrials,
- link, validationCallback, errorCallback));
+ std::bind(&Consumer::handleNack, this, _1, _2, link,
+ validationCallback, errorCallback),
+ std::bind(&Consumer::handleTimeout, this, _1, nRetrials, link,
+ validationCallback, errorCallback));
}
void
-Consumer::handleNack(const Interest& interest, const lp::Nack& nack, const Link& link,
- const OnDataValidated& callback, const ErrorCallBack& errorCallback)
+Consumer::handleNack(const Interest& interest,
+ const lp::Nack& nack,
+ const Link& link,
+ const DataValidationSuccessCallback& callback,
+ const ErrorCallBack& errorCallback)
{
// we run out of options, report retrieval failure.
errorCallback(ErrorCode::DataRetrievalFailure, interest.getName().toUri());
}
void
-Consumer::handleTimeout(const Interest& interest, int nRetrials, const Link& link,
- const OnDataValidated& callback, const ErrorCallBack& errorCallback)
+Consumer::handleTimeout(const Interest& interest,
+ int nRetrials,
+ const Link& link,
+ const DataValidationSuccessCallback& callback,
+ const ErrorCallBack& errorCallback)
{
if (nRetrials > 0) {
sendInterest(interest, nRetrials - 1, link, callback, errorCallback);
diff --git a/src/consumer.hpp b/src/consumer.hpp
index 4c7ee91..777425d 100644
--- a/src/consumer.hpp
+++ b/src/consumer.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -16,25 +16,25 @@
* You should have received a copy of the GNU General Public License along with
* ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
* @author Yingdi Yu <yingdi@cs.ucla.edu>
*/
#ifndef NDN_GEP_CONSUMER_HPP
#define NDN_GEP_CONSUMER_HPP
-#include "algo/rsa.hpp"
-#include "algo/aes.hpp"
+#include "common.hpp"
#include "consumer-db.hpp"
#include "error-code.hpp"
-
-#include <ndn-cxx/security/validator-null.hpp>
+#include "algo/aes.hpp"
+#include "algo/rsa.hpp"
#include <ndn-cxx/face.hpp>
+#include <ndn-cxx/security/validator-null.hpp>
namespace ndn {
namespace gep {
-typedef function<void (const Data&, const Buffer&)> ConsumptionCallBack;
+typedef function<void(const Data&, const Buffer&)> ConsumptionCallBack;
/**
* @brief Consumer in group-based encryption protocol
@@ -42,7 +42,7 @@
class Consumer
{
private:
- typedef function<void (const Buffer&)> PlainTextCallBack;
+ typedef function<void(const Buffer&)> PlainTextCallBack;
public:
/**
@@ -55,8 +55,12 @@
* @param cKeyLink The link object for C-KEY retrieval
* @param dKeyLink The link object for D-KEY retrieval
*/
- Consumer(Face& face, const Name& groupName, const Name& consumerName, const std::string& dbPath,
- const Link& cKeyLink = NO_LINK, const Link& dKeyLink = NO_LINK);
+ Consumer(Face& face,
+ const Name& groupName,
+ const Name& consumerName,
+ const std::string& dbPath,
+ const Link& cKeyLink = NO_LINK,
+ const Link& dKeyLink = NO_LINK);
/**
* @brief Send out the Interest packet to fetch content packet with @p dataName.
@@ -85,7 +89,6 @@
addDecryptionKey(const Name& keyName, const Buffer& keyBuf);
PUBLIC_WITH_TESTS_ELSE_PRIVATE:
-
/**
* @brief Decrypt @p encryptedBlock using @p keyBits
*
@@ -149,9 +152,10 @@
* @param errorCallback The callback when error happens
*/
void
- sendInterest(const Interest& interest, int nRetrials,
+ sendInterest(const Interest& interest,
+ int nRetrials,
const Link& link,
- const OnDataValidated& validationCallback,
+ const DataValidationSuccessCallback& validationCallback,
const ErrorCallBack& errorCallback);
/**
@@ -167,9 +171,10 @@
* @param errorCallback The callback when error happens
*/
void
- handleNack(const Interest& interest, const lp::Nack& nack,
+ handleNack(const Interest& interest,
+ const lp::Nack& nack,
const Link& link,
- const OnDataValidated& validationCallback,
+ const DataValidationSuccessCallback& validationCallback,
const ErrorCallBack& errorCallback);
/**
@@ -185,9 +190,10 @@
* @param errorCallback The callback when error happens
*/
void
- handleTimeout(const Interest& interest, int nRetrials,
+ handleTimeout(const Interest& interest,
+ int nRetrials,
const Link& link,
- const OnDataValidated& validationCallback,
+ const DataValidationSuccessCallback& validationCallback,
const ErrorCallBack& errorCallback);
public:
diff --git a/src/cryptopp.hpp b/src/cryptopp.hpp
deleted file mode 100644
index a7a1ae8..0000000
--- a/src/cryptopp.hpp
+++ /dev/null
@@ -1,44 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2014-2015, Regents of the University of California
- *
- * This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
- * See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
- *
- * ndn-group-encrypt is free software: you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-group-encrypt is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef NDN_GEP_CRYPTOPP_HPP
-#define NDN_GEP_CRYPTOPP_HPP
-
-// suppress CryptoPP warnings
-#pragma GCC system_header
-#pragma clang system_header
-
-#include <cryptopp/asn.h>
-#include <cryptopp/base64.h>
-#include <cryptopp/des.h>
-#include <cryptopp/files.h>
-#include <cryptopp/filters.h>
-#include <cryptopp/hex.h>
-#include <cryptopp/modes.h>
-#include <cryptopp/osrng.h>
-#include <cryptopp/pssr.h>
-#include <cryptopp/pwdbased.h>
-#include <cryptopp/rsa.h>
-#include <cryptopp/sha.h>
-#include <cryptopp/eccrypto.h>
-#include <cryptopp/oids.h>
-#include <cryptopp/dsa.h>
-#include <cryptopp/cryptlib.h>
-
-#endif // NDN_GEP_CRYPTOPP_HPP
diff --git a/src/encrypted-content.cpp b/src/encrypted-content.cpp
index 3e0879f..68d0e9c 100644
--- a/src/encrypted-content.cpp
+++ b/src/encrypted-content.cpp
@@ -1,7 +1,28 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2018, Regents of the University of California
+ *
+ * This file is part of gep (Group-based Encryption Protocol for NDN).
+ * See AUTHORS.md for complete list of gep authors and contributors.
+ *
+ * gep is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * gep is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * gep, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @author Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
+ */
+
#include "encrypted-content.hpp"
#include <ndn-cxx/encoding/block-helpers.hpp>
#include <ndn-cxx/util/concepts.hpp>
-
#include <boost/lexical_cast.hpp>
namespace ndn {
@@ -19,9 +40,12 @@
{
}
-EncryptedContent::EncryptedContent(tlv::AlgorithmTypeValue type, const KeyLocator& keyLocator,
- const uint8_t* payload, size_t payloadLen,
- const uint8_t* iv, size_t ivLen)
+EncryptedContent::EncryptedContent(tlv::AlgorithmTypeValue type,
+ const KeyLocator& keyLocator,
+ const uint8_t* payload,
+ size_t payloadLen,
+ const uint8_t* iv,
+ size_t ivLen)
: m_type(type)
, m_hasKeyLocator(true)
, m_keyLocator(keyLocator)
@@ -57,7 +81,7 @@
if (m_hasKeyLocator)
return m_keyLocator;
else
- throw Error("KeyLocator does not exist");
+ BOOST_THROW_EXCEPTION(Error("KeyLocator does not exist"));
}
void
@@ -93,23 +117,24 @@
size_t totalLength = 0;
if (m_payload.size() != 0)
- totalLength += block.prependByteArrayBlock(tlv::EncryptedPayload, m_payload.buf(), m_payload.size());
+ totalLength +=
+ block.prependByteArrayBlock(tlv::EncryptedPayload, m_payload.data(), m_payload.size());
else
- throw Error("EncryptedContent does not have a payload");
+ BOOST_THROW_EXCEPTION(Error("EncryptedContent does not have a payload"));
if (m_iv.size() != 0) {
- totalLength += block.prependByteArrayBlock(tlv::InitialVector, m_iv.buf(), m_iv.size());
+ totalLength += block.prependByteArrayBlock(tlv::InitialVector, m_iv.data(), m_iv.size());
}
if (m_type != -1)
totalLength += prependNonNegativeIntegerBlock(block, tlv::EncryptionAlgorithm, m_type);
else
- throw Error("EncryptedContent does not have an encryption algorithm");
+ BOOST_THROW_EXCEPTION(Error("EncryptedContent does not have an encryption algorithm"));
if (m_hasKeyLocator)
totalLength += m_keyLocator.wireEncode(block);
else
- throw Error("EncryptedContent does not have a key locator");
+ BOOST_THROW_EXCEPTION(Error("EncryptedContent does not have a key locator"));
totalLength += block.prependVarNumber(totalLength);
totalLength += block.prependVarNumber(tlv::EncryptedContent);
@@ -136,7 +161,7 @@
EncryptedContent::wireDecode(const Block& wire)
{
if (!wire.hasWire()) {
- throw Error("The supplied block does not contain wire format");
+ BOOST_THROW_EXCEPTION(Error("The supplied block does not contain wire format"));
}
m_hasKeyLocator = false;
@@ -145,7 +170,7 @@
m_wire.parse();
if (m_wire.type() != tlv::EncryptedContent)
- throw Error("Unexpected TLV type when decoding Name");
+ BOOST_THROW_EXCEPTION(Error("Unexpected TLV type when decoding Name"));
Block::element_const_iterator it = m_wire.elements_begin();
@@ -155,14 +180,14 @@
it++;
}
else
- throw Error("EncryptedContent does not have key locator");
+ BOOST_THROW_EXCEPTION(Error("EncryptedContent does not have key locator"));
if (it != m_wire.elements_end() && it->type() == tlv::EncryptionAlgorithm) {
m_type = readNonNegativeInteger(*it);
it++;
}
else
- throw Error("EncryptedContent does not have encryption algorithm");
+ BOOST_THROW_EXCEPTION(Error("EncryptedContent does not have encryption algorithm"));
if (it != m_wire.elements_end() && it->type() == tlv::InitialVector) {
m_iv = Buffer(it->value_begin(), it->value_end());
@@ -176,10 +201,10 @@
it++;
}
else
- throw Error("EncryptedContent has missing payload");
+ BOOST_THROW_EXCEPTION(Error("EncryptedContent has missing payload"));
if (it != m_wire.elements_end()) {
- throw Error("EncryptedContent has extraneous sub-TLVs");
+ BOOST_THROW_EXCEPTION(Error("EncryptedContent has extraneous sub-TLVs"));
}
}
diff --git a/src/encrypted-content.hpp b/src/encrypted-content.hpp
index 2d861a3..8a96fc7 100644
--- a/src/encrypted-content.hpp
+++ b/src/encrypted-content.hpp
@@ -1,11 +1,31 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2018, Regents of the University of California
+ *
+ * This file is part of gep (Group-based Encryption Protocol for NDN).
+ * See AUTHORS.md for complete list of gep authors and contributors.
+ *
+ * gep is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * gep is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * gep, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @author Yingdi Yu <yingdi@cs.ucla.edu>
+ */
+
#ifndef NDN_ENCRYPTED_CONTENT_HPP
#define NDN_ENCRYPTED_CONTENT_HPP
+#include "tlv.hpp"
+#include <list>
#include <ndn-cxx/encoding/tlv.hpp>
#include <ndn-cxx/key-locator.hpp>
-#include <list>
-
-#include "tlv.hpp"
namespace ndn {
namespace gep {
@@ -15,23 +35,24 @@
public:
class Error : public ndn::tlv::Error
{
- public:
- explicit
- Error(const std::string& what)
+ public:
+ explicit Error(const std::string& what)
: ndn::tlv::Error(what)
- {
- }
+ {
+ }
};
public:
EncryptedContent();
- EncryptedContent(tlv::AlgorithmTypeValue type, const KeyLocator& keyLocator,
- const uint8_t* payload, size_t payloadLen,
- const uint8_t* iv = 0, size_t ivLen = 0);
+ EncryptedContent(tlv::AlgorithmTypeValue type,
+ const KeyLocator& keyLocator,
+ const uint8_t* payload,
+ size_t payloadLen,
+ const uint8_t* iv = 0,
+ size_t ivLen = 0);
- explicit
- EncryptedContent(const Block& block);
+ explicit EncryptedContent(const Block& block);
void
setAlgorithmType(tlv::AlgorithmTypeValue type);
@@ -45,7 +66,7 @@
bool
hasKeyLocator() const
{
- return m_hasKeyLocator;
+ return m_hasKeyLocator;
}
void
diff --git a/src/error-code.hpp b/src/error-code.hpp
index 5ccf820..e070efe 100644
--- a/src/error-code.hpp
+++ b/src/error-code.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
diff --git a/src/group-manager-db.cpp b/src/group-manager-db.cpp
index 6b0eb2d..57a3697 100644
--- a/src/group-manager-db.cpp
+++ b/src/group-manager-db.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2017, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -16,55 +16,54 @@
* You should have received a copy of the GNU General Public License along with
* ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
*/
#include "group-manager-db.hpp"
#include "algo/rsa.hpp"
-
-#include <sqlite3.h>
-#include <boost/filesystem.hpp>
#include <ndn-cxx/util/sqlite3-statement.hpp>
-#include <ndn-cxx/security/identity-certificate.hpp>
+#include <boost/filesystem.hpp>
+#include <sqlite3.h>
+#include <ndn-cxx/util/string-helper.hpp>
namespace ndn {
namespace gep {
using util::Sqlite3Statement;
-static const std::string INITIALIZATION =
- "CREATE TABLE IF NOT EXISTS \n"
- " schedules( \n"
- " schedule_id INTEGER PRIMARY KEY, \n"
- " schedule_name TEXT NOT NULL, \n"
- " schedule BLOB NOT NULL \n"
- " ); \n"
- "CREATE UNIQUE INDEX IF NOT EXISTS \n"
- " scheduleNameIndex ON schedules(schedule_name); \n"
- " \n"
- "CREATE TABLE IF NOT EXISTS \n"
- " members( \n"
- " member_id INTEGER PRIMARY KEY, \n"
- " schedule_id INTEGER NOT NULL, \n"
- " member_name BLOB NOT NULL, \n"
- " key_name BLOB NOT NULL, \n"
- " pubkey BLOB NOT NULL, \n"
- " FOREIGN KEY(schedule_id) \n"
- " REFERENCES schedules(schedule_id) \n"
- " ON DELETE CASCADE \n"
- " ON UPDATE CASCADE \n"
- " ); \n"
- "CREATE UNIQUE INDEX IF NOT EXISTS \n"
- " memNameIndex ON members(member_name); \n"
- " \n"
- "CREATE TABLE IF NOT EXISTS \n"
- " ekeys( \n"
- " ekey_id INTEGER PRIMARY KEY, \n"
- " ekey_name BLOB NOT NULL, \n"
- " pub_key BLOB NOT NULL \n"
- " ); \n"
- "CREATE UNIQUE INDEX IF NOT EXISTS \n"
- " ekeyNameIndex ON ekeys(ekey_name); \n";
+static const std::string INITIALIZATION = R"_DBTEXT_(
+CREATE TABLE IF NOT EXISTS
+ schedules(
+ schedule_id INTEGER PRIMARY KEY,
+ schedule_name TEXT NOT NULL,
+ schedule BLOB NOT NULL
+ );
+CREATE UNIQUE INDEX IF NOT EXISTS
+ scheduleNameIndex ON schedules(schedule_name);
+
+CREATE TABLE IF NOT EXISTS
+ members(
+ member_id INTEGER PRIMARY KEY,
+ schedule_id INTEGER NOT NULL,
+ member_name BLOB NOT NULL,
+ key_name BLOB NOT NULL,
+ pubkey BLOB NOT NULL,
+ FOREIGN KEY(schedule_id)
+ REFERENCES schedules(schedule_id)
+ ON DELETE CASCADE
+ ON UPDATE CASCADE
+ );
+CREATE UNIQUE INDEX IF NOT EXISTS
+ memNameIndex ON members(member_name);
+
+CREATE TABLE IF NOT EXISTS
+ ekeys(
+ ekey_id INTEGER PRIMARY KEY,
+ ekey_name BLOB NOT NULL,
+ pub_key BLOB NOT NULL
+ );
+CREATE UNIQUE INDEX IF NOT EXISTS
+ ekeyNameIndex ON ekeys(ekey_name);)_DBTEXT_";
class GroupManagerDB::Impl
{
@@ -73,14 +72,10 @@
{
// open Database
- int result = sqlite3_open_v2(dbPath.c_str(), &m_database,
+ int result = sqlite3_open_v2(dbPath.c_str(),
+ &m_database,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,
-#ifdef NDN_CXX_DISABLE_SQLITE3_FS_LOCKING
- "unix-dotfile"
-#else
- nullptr
-#endif
- );
+ nullptr);
if (result != SQLITE_OK)
BOOST_THROW_EXCEPTION(Error("GroupManager DB cannot be opened/created: " + dbPath));
@@ -106,7 +101,8 @@
getScheduleId(const std::string& name) const
{
Sqlite3Statement statement(m_database,
- "SELECT schedule_id FROM schedules WHERE schedule_name=?");
+ R"_DBTEXT_(SELECT schedule_id FROM schedules
+ WHERE schedule_name=?)_DBTEXT_");
statement.bind(1, name, SQLITE_TRANSIENT);
int result = -1;
@@ -131,7 +127,8 @@
GroupManagerDB::hasSchedule(const std::string& name) const
{
Sqlite3Statement statement(m_impl->m_database,
- "SELECT schedule_id FROM schedules where schedule_name=?");
+ R"_DBTEXT_(SELECT schedule_id FROM schedules
+ WHERE schedule_name=?)_DBTEXT_");
statement.bind(1, name, SQLITE_TRANSIENT);
return (statement.step() == SQLITE_ROW);
}
@@ -141,7 +138,7 @@
{
std::list<std::string> result;
Sqlite3Statement statement(m_impl->m_database,
- "SELECT schedule_name FROM schedules");
+ R"_DBTEXT_(SELECT schedule_name FROM schedules)_DBTEXT_");
result.clear();
while (statement.step() == SQLITE_ROW) {
@@ -154,7 +151,7 @@
GroupManagerDB::getSchedule(const std::string& name) const
{
Sqlite3Statement statement(m_impl->m_database,
- "SELECT schedule FROM schedules where schedule_name=?");
+ R"_DBTEXT_(SELECT schedule FROM schedules where schedule_name=?)_DBTEXT_");
statement.bind(1, name, SQLITE_TRANSIENT);
Schedule result;
@@ -172,10 +169,10 @@
{
std::map<Name, Buffer> result;
Sqlite3Statement statement(m_impl->m_database,
- "SELECT key_name, pubkey\
- FROM members JOIN schedules\
- ON members.schedule_id=schedules.schedule_id\
- WHERE schedule_name=?");
+ R"_DBTEXT_(SELECT key_name, pubkey
+ FROM members JOIN schedules
+ ON members.schedule_id=schedules.schedule_id
+ WHERE schedule_name=?)_DBTEXT_");
statement.bind(1, name, SQLITE_TRANSIENT);
result.clear();
@@ -195,8 +192,8 @@
BOOST_ASSERT(name.length() != 0);
Sqlite3Statement statement(m_impl->m_database,
- "INSERT INTO schedules (schedule_name, schedule)\
- values (?, ?)");
+ R"_DBTEXT_(INSERT INTO schedules (schedule_name, schedule)
+ values (?, ?))_DBTEXT_");
statement.bind(1, name, SQLITE_TRANSIENT);
statement.bind(2, schedule.wireEncode(), SQLITE_TRANSIENT);
if (statement.step() != SQLITE_DONE)
@@ -207,7 +204,7 @@
GroupManagerDB::deleteSchedule(const std::string& name)
{
Sqlite3Statement statement(m_impl->m_database,
- "DELETE FROM schedules WHERE schedule_name=?");
+ R"_DBTEXT_(DELETE FROM schedules WHERE schedule_name=?)_DBTEXT_");
statement.bind(1, name, SQLITE_TRANSIENT);
statement.step();
}
@@ -218,7 +215,8 @@
BOOST_ASSERT(newName.length() != 0);
Sqlite3Statement statement(m_impl->m_database,
- "UPDATE schedules SET schedule_name=? WHERE schedule_name=?");
+ R"_DBTEXT_(UPDATE schedules SET schedule_name=?
+ WHERE schedule_name=?)_DBTEXT_");
statement.bind(1, newName, SQLITE_TRANSIENT);
statement.bind(2, oldName, SQLITE_TRANSIENT);
if (statement.step() != SQLITE_DONE)
@@ -234,7 +232,8 @@
}
Sqlite3Statement statement(m_impl->m_database,
- "UPDATE schedules SET schedule=? WHERE schedule_name=?");
+ R"_DBTEXT_(UPDATE schedules SET schedule=?
+ WHERE schedule_name=?)_DBTEXT_");
statement.bind(1, schedule.wireEncode(), SQLITE_TRANSIENT);
statement.bind(2, name, SQLITE_TRANSIENT);
statement.step();
@@ -244,7 +243,7 @@
GroupManagerDB::hasMember(const Name& identity) const
{
Sqlite3Statement statement(m_impl->m_database,
- "SELECT member_id FROM members WHERE member_name=?");
+ R"_DBTEXT_(SELECT member_id FROM members WHERE member_name=?)_DBTEXT_");
statement.bind(1, identity.wireEncode(), SQLITE_TRANSIENT);
return (statement.step() == SQLITE_ROW);
}
@@ -254,7 +253,7 @@
{
std::list<Name> result;
Sqlite3Statement statement(m_impl->m_database,
- "SELECT member_name FROM members");
+ R"_DBTEXT_(SELECT member_name FROM members)_DBTEXT_");
result.clear();
while (statement.step() == SQLITE_ROW) {
@@ -267,10 +266,10 @@
GroupManagerDB::getMemberSchedule(const Name& identity) const
{
Sqlite3Statement statement(m_impl->m_database,
- "SELECT schedule_name\
- FROM schedules JOIN members\
- ON schedules.schedule_id = members.schedule_id\
- WHERE member_name=?");
+ R"_DBTEXT_(SELECT schedule_name
+ FROM schedules JOIN members
+ ON schedules.schedule_id = members.schedule_id
+ WHERE member_name=?)_DBTEXT_");
statement.bind(1, identity.wireEncode(), SQLITE_TRANSIENT);
std::string result = "";
@@ -284,8 +283,7 @@
}
void
-GroupManagerDB::addMember(const std::string& scheduleName, const Name& keyName,
- const Buffer& key)
+GroupManagerDB::addMember(const std::string& scheduleName, const Name& keyName, const Buffer& key)
{
int scheduleId = m_impl->getScheduleId(scheduleName);
if (scheduleId == -1)
@@ -295,12 +293,12 @@
Name memberName = keyName.getPrefix(-1);
Sqlite3Statement statement(m_impl->m_database,
- "INSERT INTO members(schedule_id, member_name, key_name, pubkey)\
- values (?, ?, ?, ?)");
+ R"_DBTEXT_(INSERT INTO members(schedule_id, member_name, key_name, pubkey)
+ values (?, ?, ?, ?))_DBTEXT_");
statement.bind(1, scheduleId);
statement.bind(2, memberName.wireEncode(), SQLITE_TRANSIENT);
statement.bind(3, keyName.wireEncode(), SQLITE_TRANSIENT);
- statement.bind(4, key.buf(), key.size(), SQLITE_TRANSIENT);
+ statement.bind(4, key.data(), key.size(), SQLITE_TRANSIENT);
if (statement.step() != SQLITE_DONE)
BOOST_THROW_EXCEPTION(Error("Cannot add the member to database"));
@@ -314,7 +312,8 @@
BOOST_THROW_EXCEPTION(Error("The schedule dose not exist"));
Sqlite3Statement statement(m_impl->m_database,
- "UPDATE members SET schedule_id=? WHERE member_name=?");
+ R"_DBTEXT_(UPDATE members SET schedule_id=?
+ WHERE member_name=?)_DBTEXT_");
statement.bind(1, scheduleId);
statement.bind(2, identity.wireEncode(), SQLITE_TRANSIENT);
statement.step();
@@ -324,7 +323,7 @@
GroupManagerDB::deleteMember(const Name& identity)
{
Sqlite3Statement statement(m_impl->m_database,
- "DELETE FROM members WHERE member_name=?");
+ R"_DBTEXT_(DELETE FROM members WHERE member_name=?)_DBTEXT_");
statement.bind(1, identity.wireEncode(), SQLITE_TRANSIENT);
statement.step();
}
@@ -333,7 +332,7 @@
GroupManagerDB::hasEKey(const Name& eKeyName)
{
Sqlite3Statement statement(m_impl->m_database,
- "SELECT ekey_id FROM ekeys where ekey_name=?");
+ R"_DBTEXT_(SELECT ekey_id FROM ekeys where ekey_name=?)_DBTEXT_");
statement.bind(1, eKeyName.wireEncode(), SQLITE_TRANSIENT);
return (statement.step() == SQLITE_ROW);
}
@@ -342,9 +341,10 @@
GroupManagerDB::addEKey(const Name& eKeyName, const Buffer& pubKey, const Buffer& priKey)
{
Sqlite3Statement statement(m_impl->m_database,
- "INSERT INTO ekeys(ekey_name, pub_key) values (?, ?)");
+ R"_DBTEXT_(INSERT INTO ekeys(ekey_name, pub_key)
+ values (?, ?))_DBTEXT_");
statement.bind(1, eKeyName.wireEncode(), SQLITE_TRANSIENT);
- statement.bind(2, pubKey.buf(), pubKey.size(), SQLITE_TRANSIENT);
+ statement.bind(2, pubKey.data(), pubKey.size(), SQLITE_TRANSIENT);
if (statement.step() != SQLITE_DONE)
BOOST_THROW_EXCEPTION(Error("Cannot add the EKey to database"));
@@ -355,7 +355,7 @@
GroupManagerDB::getEKey(const Name& eKeyName)
{
Sqlite3Statement statement(m_impl->m_database,
- "SELECT * FROM ekeys where ekey_name=?");
+ R"_DBTEXT_(SELECT * FROM ekeys where ekey_name=?)_DBTEXT_");
statement.bind(1, eKeyName.wireEncode(), SQLITE_TRANSIENT);
Buffer pubKey, priKey;
@@ -371,7 +371,8 @@
void
GroupManagerDB::cleanEKeys()
{
- Sqlite3Statement statement(m_impl->m_database, "DELETE FROM ekeys");
+ Sqlite3Statement statement(m_impl->m_database,
+ R"_DBTEXT_(DELETE FROM ekeys)_DBTEXT_");
statement.step();
m_impl->m_priKeyBase.clear();
}
@@ -380,12 +381,14 @@
GroupManagerDB::deleteEKey(const Name& eKeyName)
{
Sqlite3Statement statement(m_impl->m_database,
- "DELETE FROM ekeys WHERE ekey_name=?");
+ R"_DBTEXT_(DELETE FROM ekeys WHERE ekey_name=?)_DBTEXT_");
statement.bind(1, eKeyName.wireEncode(), SQLITE_TRANSIENT);
statement.step();
auto search = m_impl->m_priKeyBase.find(eKeyName);
- m_impl->m_priKeyBase.erase(search);
+ if (search != m_impl->m_priKeyBase.end()) {
+ m_impl->m_priKeyBase.erase(search);
+ }
}
} // namespace gep
diff --git a/src/group-manager-db.hpp b/src/group-manager-db.hpp
index cbf4ecd..a311ecf 100644
--- a/src/group-manager-db.hpp
+++ b/src/group-manager-db.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -16,7 +16,7 @@
* You should have received a copy of the GNU General Public License along with
* ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
*/
#ifndef GEP_GROUP_MANAGER_DB_HPP
@@ -38,8 +38,7 @@
class Error : public std::runtime_error
{
public:
- explicit
- Error(const std::string& what)
+ explicit Error(const std::string& what)
: std::runtime_error(what)
{
}
@@ -49,8 +48,7 @@
/**
* @brief Create the database of group manager at path @p dbPath.
*/
- explicit
- GroupManagerDB(const std::string& dbPath);
+ explicit GroupManagerDB(const std::string& dbPath);
~GroupManagerDB();
@@ -147,8 +145,7 @@
* @throw Error if add operation fails, e.g., the added member exists
*/
void
- addMember(const std::string& scheduleName, const Name& keyName,
- const Buffer& key);
+ addMember(const std::string& scheduleName, const Name& keyName, const Buffer& key);
/**
* @brief Change the schedule of a member with name @p identity to a schedule with @p scheduleName
diff --git a/src/group-manager.cpp b/src/group-manager.cpp
index bd5feb0..dfcb260 100644
--- a/src/group-manager.cpp
+++ b/src/group-manager.cpp
@@ -1,35 +1,45 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
- * This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
- * See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
+ * This file is part of ndn-group-encrypt (Group-based Encryption Protocol for
+ * NDN). See AUTHORS.md for complete list of ndn-group-encrypt authors and
+ * contributors.
*
- * ndn-group-encrypt is free software: you can redistribute it and/or modify it under the terms
- * of the GNU General Public License as published by the Free Software Foundation,
- * either version 3 of the License, or (at your option) any later version.
+ * ndn-group-encrypt is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
*
- * ndn-group-encrypt is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
- * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
- * PURPOSE. See the GNU General Public License for more details.
+ * ndn-group-encrypt is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
*
* You should have received a copy of the GNU General Public License along with
- * ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ * ndn-group-encrypt, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
*
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
*/
#include "group-manager.hpp"
-#include "algo/encryptor.hpp"
#include "encrypted-content.hpp"
+#include "algo/encryptor.hpp"
+#include <iostream>
#include <map>
+#include <ndn-cxx/util/string-helper.hpp>
+
namespace ndn {
namespace gep {
-GroupManager::GroupManager(const Name& prefix, const Name& dataType, const std::string& dbPath,
- const int paramLength, const int freshPeriod)
+GroupManager::GroupManager(const Name& prefix,
+ const Name& dataType,
+ const std::string& dbPath,
+ const int paramLength,
+ const int freshPeriod)
: m_namespace(prefix)
, m_db(dbPath)
, m_paramLength(paramLength)
@@ -46,8 +56,9 @@
// get time interval
Interval finalInterval = calculateInterval(timeslot, memberKeys);
- if (finalInterval.isValid() == false)
+ if (finalInterval.isValid() == false) {
return result;
+ }
std::string startTs = boost::posix_time::to_iso_string(finalInterval.getStartTime());
std::string endTs = boost::posix_time::to_iso_string(finalInterval.getEndTime());
@@ -109,8 +120,15 @@
void
GroupManager::addMember(const std::string& scheduleName, const Data& memCert)
{
- IdentityCertificate cert(memCert);
- m_db.addMember(scheduleName, cert.getPublicKeyName(), cert.getPublicKeyInfo().get());
+ security::v2::Certificate cert(memCert);
+ Buffer keybits = cert.getPublicKey();
+ m_db.addMember(scheduleName, cert.getKeyName(), keybits);
+}
+
+void
+GroupManager::addMember(const std::string& scheduleName, const Name& keyName, const Buffer& key)
+{
+ m_db.addMember(scheduleName, keyName, key);
}
void
@@ -138,14 +156,13 @@
// get the all intervals from schedules
for (const std::string& scheduleName : m_db.listAllScheduleNames()) {
-
const Schedule& schedule = m_db.getSchedule(scheduleName);
std::tie(isPositive, tempInterval) = schedule.getCoveringInterval(timeslot);
if (isPositive) {
if (!positiveResult.isValid())
positiveResult = tempInterval;
- positiveResult && tempInterval;
+ positiveResult&& tempInterval;
std::map<Name, Buffer> m = m_db.getScheduleMembers(scheduleName);
memberKeys.insert(m.begin(), m.end());
@@ -153,11 +170,12 @@
else {
if (!negativeResult.isValid())
negativeResult = tempInterval;
- negativeResult && tempInterval;
+ negativeResult&& tempInterval;
}
}
if (!positiveResult.isValid()) {
- // return invalid interval when there is no member has interval covering the time slot
+ // return invalid interval when there is no member has interval covering the
+ // time slot
return Interval(false);
}
@@ -173,31 +191,32 @@
void
GroupManager::generateKeyPairs(Buffer& priKeyBuf, Buffer& pubKeyBuf) const
{
- RandomNumberGenerator rng;
RsaKeyParams params(m_paramLength);
- DecryptKey<algo::Rsa> privateKey = algo::Rsa::generateKey(rng, params);
+ DecryptKey<algo::Rsa> privateKey = algo::Rsa::generateKey(params);
priKeyBuf = privateKey.getKeyBits();
EncryptKey<algo::Rsa> publicKey = algo::Rsa::deriveEncryptKey(priKeyBuf);
pubKeyBuf = publicKey.getKeyBits();
}
-
Data
-GroupManager::createEKeyData(const std::string& startTs, const std::string& endTs,
+GroupManager::createEKeyData(const std::string& startTs,
+ const std::string& endTs,
const Buffer& pubKeyBuf)
{
Name name(m_namespace);
name.append(NAME_COMPONENT_E_KEY).append(startTs).append(endTs);
Data data(name);
data.setFreshnessPeriod(time::hours(m_freshPeriod));
- data.setContent(pubKeyBuf.get(), pubKeyBuf.size());
+ data.setContent(pubKeyBuf.data(), pubKeyBuf.size());
m_keyChain.sign(data);
return data;
}
Data
-GroupManager::createDKeyData(const std::string& startTs, const std::string& endTs,
- const Name& keyName, const Buffer& priKeyBuf,
+GroupManager::createDKeyData(const std::string& startTs,
+ const std::string& endTs,
+ const Name& keyName,
+ const Buffer& priKeyBuf,
const Buffer& certKey)
{
Name name(m_namespace);
@@ -206,8 +225,13 @@
Data data = Data(name);
data.setFreshnessPeriod(time::hours(m_freshPeriod));
algo::EncryptParams eparams(tlv::AlgorithmRsaOaep);
- algo::encryptData(data, priKeyBuf.buf(), priKeyBuf.size(), keyName,
- certKey.buf(), certKey.size(), eparams);
+ algo::encryptData(data,
+ priKeyBuf.data(),
+ priKeyBuf.size(),
+ keyName,
+ certKey.data(),
+ certKey.size(),
+ eparams);
m_keyChain.sign(data);
return data;
}
@@ -236,5 +260,5 @@
m_db.cleanEKeys();
}
-} // namespace ndn
+} // namespace gep
} // namespace ndn
diff --git a/src/group-manager.hpp b/src/group-manager.hpp
index 2e19ab1..56feb28 100644
--- a/src/group-manager.hpp
+++ b/src/group-manager.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -16,7 +16,7 @@
* You should have received a copy of the GNU General Public License along with
* ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
*/
#ifndef NDN_GEP_GROUP_MANAGER_HPP
@@ -36,8 +36,7 @@
class Error : public std::runtime_error
{
public:
- explicit
- Error(const std::string& what)
+ explicit Error(const std::string& what)
: std::runtime_error(what)
{
}
@@ -53,8 +52,11 @@
* The group key will be an RSA key with @p paramLength bits.
* The FreshnessPeriod of data packet carrying the keys will be set to @p freshPeriod hours.
*/
- GroupManager(const Name& prefix, const Name& dataType, const std::string& dbPath,
- const int paramLength, const int freshPeriod);
+ GroupManager(const Name& prefix,
+ const Name& dataType,
+ const std::string& dbPath,
+ const int paramLength,
+ const int freshPeriod);
/**
* @brief Create a group key for interval which
@@ -90,6 +92,9 @@
void
addMember(const std::string& scheduleName, const Data& memCert);
+ void
+ addMember(const std::string& scheduleName, const Name& keyName, const Buffer& key);
+
/// @brief Remove member with name @p identity from the group.
void
removeMember(const Name& identity);
@@ -99,7 +104,7 @@
updateMemberSchedule(const Name& identity, const std::string& scheduleName);
-PUBLIC_WITH_TESTS_ELSE_PRIVATE:
+PUBLIC_WITH_TESTS_ELSE_PRIVATE :
/**
* @brief Calculate interval that covers @p timeslot
* and fill @p memberKeys with the info of members who is allowed to access the interval.
@@ -117,13 +122,15 @@
/// @brief Create E-KEY data.
Data
- createEKeyData(const std::string& startTs, const std::string& endTs,
- const Buffer& pubKeyBuf);
+ createEKeyData(const std::string& startTs, const std::string& endTs, const Buffer& pubKeyBuf);
/// @brief Create D-KEY data.
Data
- createDKeyData(const std::string& startTs, const std::string& endTs, const Name& keyName,
- const Buffer& priKeyBuf, const Buffer& certKey);
+ createDKeyData(const std::string& startTs,
+ const std::string& endTs,
+ const Name& keyName,
+ const Buffer& priKeyBuf,
+ const Buffer& certKey);
/// @brief Add a EKey to the database
void
diff --git a/src/interval.cpp b/src/interval.cpp
index f5738a1..8d96f77 100644
--- a/src/interval.cpp
+++ b/src/interval.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -16,7 +16,7 @@
* You should have received a copy of the GNU General Public License along with
* ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
*/
#include "interval.hpp"
@@ -33,8 +33,7 @@
{
}
-Interval::Interval(const TimeStamp& startTime,
- const TimeStamp& endTime)
+Interval::Interval(const TimeStamp& startTime, const TimeStamp& endTime)
: m_startTime(startTime)
, m_endTime(endTime)
, m_isValid(true)
@@ -53,7 +52,7 @@
}
Interval&
-Interval::operator &&(const Interval& interval)
+Interval::operator&&(const Interval& interval)
{
BOOST_ASSERT(isValid() && interval.isValid());
@@ -80,7 +79,7 @@
}
Interval&
-Interval::operator ||(const Interval& interval)
+Interval::operator||(const Interval& interval)
{
BOOST_ASSERT(this->isValid() && interval.isValid());
diff --git a/src/interval.hpp b/src/interval.hpp
index e2cd23f..6cf6b86 100644
--- a/src/interval.hpp
+++ b/src/interval.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -16,14 +16,13 @@
* You should have received a copy of the GNU General Public License along with
* ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
*/
#ifndef NDN_GEP_INTERVAL_HPP
#define NDN_GEP_INTERVAL_HPP
#include "common.hpp"
-
#include <boost/date_time/posix_time/posix_time.hpp>
namespace ndn {
@@ -38,8 +37,7 @@
class Error : public std::runtime_error
{
public:
- explicit
- Error(const std::string& what)
+ explicit Error(const std::string& what)
: std::runtime_error(what)
{
}
@@ -51,11 +49,9 @@
*
* @param isValid If isValid is true, the created interval is an empty interval
*/
- explicit
- Interval(bool isValid = false);
+ explicit Interval(bool isValid = false);
- Interval(const TimeStamp& startTime,
- const TimeStamp& endTime);
+ Interval(const TimeStamp& startTime, const TimeStamp& endTime);
/**
* @brief Check if the timestamp tp is in the interval
@@ -73,7 +69,7 @@
* Two intervals should all be valid but they can be empty
*/
Interval&
- operator &&(const Interval& interval);
+ operator&&(const Interval& interval);
/**
* @brief Get the union set interval of two intervals
@@ -82,7 +78,7 @@
* Two intervals should all be valid but they can be empty
*/
Interval&
- operator ||(const Interval& interval);
+ operator||(const Interval& interval);
const TimeStamp&
getStartTime() const
diff --git a/src/producer-db.cpp b/src/producer-db.cpp
index c748953..0cde47d 100644
--- a/src/producer-db.cpp
+++ b/src/producer-db.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -20,11 +20,10 @@
*/
#include "producer-db.hpp"
-
-#include <sqlite3.h>
-#include <boost/filesystem.hpp>
#include <ndn-cxx/util/sqlite3-statement.hpp>
-#include <ndn-cxx/security/identity-certificate.hpp>
+#include <iostream>
+#include <boost/filesystem.hpp>
+#include <sqlite3.h>
namespace ndn {
namespace gep {
@@ -32,15 +31,15 @@
using util::Sqlite3Statement;
using time::system_clock;
-static const std::string INITIALIZATION =
- "CREATE TABLE IF NOT EXISTS \n"
- " contentkeys( \n"
- " rowId INTEGER PRIMARY KEY, \n"
- " timeslot INTEGER, \n"
- " key BLOB NOT NULL \n"
- " ); \n"
- "CREATE UNIQUE INDEX IF NOT EXISTS \n"
- " timeslotIndex ON contentkeys(timeslot); \n";
+static const std::string INITIALIZATION =R"_DBTEXT_(
+CREATE TABLE IF NOT EXISTS
+ contentkeys(
+ rowId INTEGER PRIMARY KEY,
+ timeslot INTEGER,
+ key BLOB NOT NULL
+ );
+CREATE UNIQUE INDEX IF NOT EXISTS
+ timeslotIndex ON contentkeys(timeslot);)_DBTEXT_";
class ProducerDB::Impl
{
@@ -49,14 +48,10 @@
{
// open Database
- int result = sqlite3_open_v2(dbPath.c_str(), &m_database,
+ int result = sqlite3_open_v2(dbPath.c_str(),
+ &m_database,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,
-#ifdef NDN_CXX_DISABLE_SQLITE3_FS_LOCKING
- "unix-dotfile"
-#else
- nullptr
-#endif
- );
+ nullptr);
if (result != SQLITE_OK)
BOOST_THROW_EXCEPTION(Error("Producer DB cannot be opened/created: " + dbPath));
@@ -90,7 +85,8 @@
ProducerDB::~ProducerDB() = default;
static int32_t
-getFixedTimeslot(const system_clock::TimePoint& timeslot) {
+getFixedTimeslot(const system_clock::TimePoint& timeslot)
+{
return (time::toUnixTimestamp(timeslot)).count() / 3600000;
}
@@ -99,7 +95,7 @@
{
int32_t fixedTimeslot = getFixedTimeslot(timeslot);
Sqlite3Statement statement(m_impl->m_database,
- "SELECT key FROM contentkeys where timeslot=?");
+ R"_DBTEXT_(SELECT key FROM contentkeys where timeslot=?)_DBTEXT_");
statement.bind(1, fixedTimeslot);
return (statement.step() == SQLITE_ROW);
}
@@ -110,7 +106,7 @@
{
int32_t fixedTimeslot = getFixedTimeslot(timeslot);
Sqlite3Statement statement(m_impl->m_database,
- "SELECT key FROM contentkeys where timeslot=?");
+ R"_DBTEXT_(SELECT key FROM contentkeys where timeslot=?)_DBTEXT_");
statement.bind(1, fixedTimeslot);
Buffer result;
@@ -129,12 +125,13 @@
// BOOST_ASSERT(key.length() != 0);
int32_t fixedTimeslot = getFixedTimeslot(timeslot);
Sqlite3Statement statement(m_impl->m_database,
- "INSERT INTO contentkeys (timeslot, key)\
- values (?, ?)");
+ R"_DBTEXT_(INSERT INTO contentkeys (timeslot, key)
+ values (?, ?))_DBTEXT_");
statement.bind(1, fixedTimeslot);
- statement.bind(2, key.buf(), key.size(), SQLITE_TRANSIENT);
- if (statement.step() != SQLITE_DONE)
+ statement.bind(2, key.data(), key.size(), SQLITE_TRANSIENT);
+ if (statement.step() != SQLITE_DONE) {
BOOST_THROW_EXCEPTION(Error("Cannot add the key to database"));
+ }
}
void
@@ -142,7 +139,7 @@
{
int32_t fixedTimeslot = getFixedTimeslot(timeslot);
Sqlite3Statement statement(m_impl->m_database,
- "DELETE FROM contentkeys WHERE timeslot=?");
+ R"_DBTEXT_(DELETE FROM contentkeys WHERE timeslot=?)_DBTEXT_");
statement.bind(1, fixedTimeslot);
statement.step();
}
diff --git a/src/producer-db.hpp b/src/producer-db.hpp
index 4a10d3f..a846901 100644
--- a/src/producer-db.hpp
+++ b/src/producer-db.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -38,16 +38,14 @@
class Error : public std::runtime_error
{
public:
- explicit
- Error(const std::string& what)
+ explicit Error(const std::string& what)
: std::runtime_error(what)
{
}
};
public:
- explicit
- ProducerDB(const std::string& dbPath);
+ explicit ProducerDB(const std::string& dbPath);
~ProducerDB();
diff --git a/src/producer.cpp b/src/producer.cpp
index 88bd5c1..ac9aca0 100644
--- a/src/producer.cpp
+++ b/src/producer.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -18,13 +18,14 @@
*
* @author Prashanth Swaminathan <prashanthsw@gmail.com>
* @author Yingdi Yu <yuyingdi@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
*/
#include "producer.hpp"
-#include "random-number-generator.hpp"
-#include "algo/encryptor.hpp"
#include "algo/aes.hpp"
+#include "algo/encryptor.hpp"
#include "algo/error.hpp"
+#include <iostream>
namespace ndn {
namespace gep {
@@ -41,13 +42,15 @@
hour, so that we can store content keys uniformly (by start of the hour).
*/
static const system_clock::TimePoint
-getRoundedTimeslot(const system_clock::TimePoint& timeslot) {
- return time::fromUnixTimestamp(
- (time::toUnixTimestamp(timeslot) / 3600000) * 3600000);
+getRoundedTimeslot(const system_clock::TimePoint& timeslot)
+{
+ return time::fromUnixTimestamp((time::toUnixTimestamp(timeslot) / 3600000) * 3600000);
}
-Producer::Producer(const Name& prefix, const Name& dataType,
- Face& face, const std::string& dbPath,
+Producer::Producer(const Name& prefix,
+ const Name& dataType,
+ Face& face,
+ const std::string& dbPath,
uint8_t repeatAttempts,
const Link& keyRetrievalLink)
: m_face(face)
@@ -99,9 +102,8 @@
}
// We haven't created the content key, create one and add it into the database.
- RandomNumberGenerator rng;
AesKeyParams aesParams(128);
- contentKeyBits = algo::Aes::generateKey(rng, aesParams).getKeyBits();
+ contentKeyBits = algo::Aes::generateKey(aesParams).getKeyBits();
m_db.addContentKey(timeslot, contentKeyBits);
// Now we need to retrieve the E-KEYs for content key encryption.
@@ -119,7 +121,9 @@
// current E-KEY cannot cover the content key, retrieve one.
keyRequest.repeatAttempts[it->first] = 0;
sendKeyInterest(Interest(it->first).setExclude(timeRange).setChildSelector(1),
- timeslot, callback, errorCallback);
+ timeslot,
+ callback,
+ errorCallback);
}
else {
// current E-KEY can cover the content key, encrypt the content key directly.
@@ -140,8 +144,10 @@
}
void
-Producer::produce(Data& data, const system_clock::TimePoint& timeslot,
- const uint8_t* content, size_t contentLen,
+Producer::produce(Data& data,
+ const system_clock::TimePoint& timeslot,
+ const uint8_t* content,
+ size_t contentLen,
const ErrorCallBack& errorCallBack)
{
// Get a content key
@@ -154,7 +160,7 @@
data.setName(dataName);
algo::EncryptParams params(tlv::AlgorithmAesCbc, 16);
algo::encryptData(data, content, contentLen, contentKeyName,
- contentKey.buf(), contentKey.size(), params);
+ contentKey.data(), contentKey.size(), params);
m_keychain.sign(data);
}
@@ -165,8 +171,8 @@
const ErrorCallBack& errorCallback)
{
Interest request(interest);
- if (m_keyRetrievalLink.getDelegations().size() > 0) {
- request.setLink(m_keyRetrievalLink.wireEncode());
+ if (m_keyRetrievalLink.getDelegationList().size() > 0) {
+ request.setForwardingHint(m_keyRetrievalLink.getDelegationList());
}
m_face.expressInterest(request,
std::bind(&Producer::handleCoveringKey, this, _1, _2,
@@ -178,7 +184,8 @@
}
void
-Producer::handleCoveringKey(const Interest& interest, const Data& data,
+Producer::handleCoveringKey(const Interest& interest,
+ const Data& data,
const system_clock::TimePoint& timeslot,
const ProducerEKeyCallback& callback,
const ErrorCallBack& errorCallback)
@@ -200,7 +207,9 @@
timeRange.excludeBefore(keyName.get(START_TS_INDEX));
sendKeyInterest(Interest(interestName).setExclude(timeRange).setChildSelector(1),
- timeslot, callback, errorCallback);
+ timeslot,
+ callback,
+ errorCallback);
}
else {
// if received E-KEY covers the content key, encrypt the content
@@ -221,6 +230,9 @@
const ErrorCallBack& errorCallback)
{
uint64_t timeCount = toUnixTimestamp(timeslot).count();
+ if (m_keyRequests.find(timeCount) == m_keyRequests.end()) {
+ return;
+ }
KeyRequest& keyRequest = m_keyRequests.at(timeCount);
Name interestName = interest.getName();
@@ -244,11 +256,15 @@
{
// we run out of options...
uint64_t timeCount = toUnixTimestamp(timeslot).count();
- updateKeyRequest(m_keyRequests.at(timeCount), timeCount, callback);
+
+ if (m_keyRequests.find(timeCount) != m_keyRequests.end()) {
+ updateKeyRequest(m_keyRequests.at(timeCount), timeCount, callback);
+ }
}
void
-Producer::updateKeyRequest(KeyRequest& keyRequest, uint64_t timeCount,
+Producer::updateKeyRequest(KeyRequest& keyRequest,
+ uint64_t timeCount,
const ProducerEKeyCallback& callback)
{
keyRequest.interestCount--;
@@ -259,12 +275,16 @@
}
bool
-Producer::encryptContentKey(const Buffer& encryptionKey, const Name& eKeyName,
+Producer::encryptContentKey(const Buffer& encryptionKey,
+ const Name& eKeyName,
const system_clock::TimePoint& timeslot,
const ProducerEKeyCallback& callback,
const ErrorCallBack& errorCallBack)
{
uint64_t timeCount = toUnixTimestamp(timeslot).count();
+ if (m_keyRequests.find(timeCount) == m_keyRequests.end()) {
+ return false;
+ }
KeyRequest& keyRequest = m_keyRequests.at(timeCount);
Name keyName = m_namespace;
@@ -272,15 +292,19 @@
keyName.append(time::toIsoString(getRoundedTimeslot(timeslot)));
Buffer contentKey = m_db.getContentKey(timeslot);
-
Data cKeyData;
cKeyData.setName(keyName);
algo::EncryptParams params(tlv::AlgorithmRsaOaep);
try {
- algo::encryptData(cKeyData, contentKey.buf(), contentKey.size(), eKeyName,
- encryptionKey.buf(), encryptionKey.size(), params);
+ algo::encryptData(cKeyData,
+ contentKey.data(),
+ contentKey.size(),
+ eKeyName,
+ encryptionKey.data(),
+ encryptionKey.size(),
+ params);
}
- catch (algo::Error& e) {
+ catch (const algo::Error& e) {
errorCallBack(ErrorCode::EncryptionFailure, e.what());
return false;
}
diff --git a/src/producer.hpp b/src/producer.hpp
index a440581..8724d1b 100644
--- a/src/producer.hpp
+++ b/src/producer.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -23,11 +23,11 @@
#ifndef NDN_GEP_PRODUCER_HPP
#define NDN_GEP_PRODUCER_HPP
-#include "producer-db.hpp"
#include "error-code.hpp"
+#include "producer-db.hpp"
-#include <ndn-cxx/security/key-chain.hpp>
#include <ndn-cxx/face.hpp>
+#include <ndn-cxx/security/key-chain.hpp>
namespace ndn {
namespace gep {
@@ -41,16 +41,19 @@
class Producer
{
public:
- struct KeyInfo {
+ struct KeyInfo
+ {
time::system_clock::TimePoint beginTimeslot;
time::system_clock::TimePoint endTimeslot;
Buffer keyBits;
};
- struct KeyRequest {
+ struct KeyRequest
+ {
KeyRequest(size_t interests)
- : interestCount(interests)
- {}
+ : interestCount(interests)
+ {
+ }
size_t interestCount;
std::unordered_map<Name, size_t> repeatAttempts;
std::vector<Data> encryptedKeys;
@@ -71,8 +74,10 @@
* @p face, and will re-try for at most @p repeatAttemps times when
* E-KEY retrieval fails.
*/
- Producer(const Name& prefix, const Name& dataType,
- Face& face, const std::string& dbPath,
+ Producer(const Name& prefix,
+ const Name& dataType,
+ Face& face,
+ const std::string& dbPath,
uint8_t repeatAttempts = 3,
const Link& keyRetrievalLink = NO_LINK);
@@ -91,6 +96,7 @@
const ProducerEKeyCallback& callback,
const ErrorCallBack& errorCallBack = Producer::defaultErrorCallBack);
+
/**
* @brief Produce an data packet encrypted using the content key corresponding @p timeslot
*
@@ -99,8 +105,10 @@
* In case of any error, @p errorCallBack will be invoked.
*/
void
- produce(Data& data, const time::system_clock::TimePoint& timeslot,
- const uint8_t* content, size_t contentLen,
+ produce(Data& data,
+ const time::system_clock::TimePoint& timeslot,
+ const uint8_t* content,
+ size_t contentLen,
const ErrorCallBack& errorCallBack = Producer::defaultErrorCallBack);
public:
@@ -114,7 +122,6 @@
defaultErrorCallBack(const ErrorCode& code, const std::string& msg);
private:
-
/**
* @brief Send interest for E-KEY
*
@@ -138,7 +145,8 @@
* of any error, invoke @p errorCallBack.
*/
void
- handleCoveringKey(const Interest& interest, const Data& data,
+ handleCoveringKey(const Interest& interest,
+ const Data& data,
const time::system_clock::TimePoint& timeslot,
const ProducerEKeyCallback& callback,
const ErrorCallBack& errorCallBack = Producer::defaultErrorCallBack);
@@ -176,8 +184,7 @@
* If the count decrease to 0, invoke @p callback.
*/
void
- updateKeyRequest(KeyRequest& keyRequest, uint64_t timeCount,
- const ProducerEKeyCallback& callback);
+ updateKeyRequest(KeyRequest& keyRequest, uint64_t timeCount, const ProducerEKeyCallback& callback);
/**
* @brief Encrypts C-KEY for @p timeslot using @p encryptionKey of @p eKeyName
@@ -188,7 +195,8 @@
* @return true if encryption succeeds, otherwise false.
*/
bool
- encryptContentKey(const Buffer& encryptionKey, const Name& eKeyName,
+ encryptContentKey(const Buffer& encryptionKey,
+ const Name& eKeyName,
const time::system_clock::TimePoint& timeslot,
const ProducerEKeyCallback& callback,
const ErrorCallBack& errorCallback = Producer::defaultErrorCallBack);
diff --git a/src/random-number-generator.hpp b/src/random-number-generator.hpp
deleted file mode 100644
index 0d74f47..0000000
--- a/src/random-number-generator.hpp
+++ /dev/null
@@ -1,33 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2014-2015, Regents of the University of California
- *
- * This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
- * See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
- *
- * ndn-group-encrypt is free software: you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-group-encrypt is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef NDN_GEP_RANDOM_NUMBER_GENERATOR_HPP
-#define NDN_GEP_RANDOM_NUMBER_GENERATOR_HPP
-
-#include "cryptopp.hpp"
-
-namespace ndn {
-namespace gep {
-
-typedef CryptoPP::AutoSeededRandomPool RandomNumberGenerator;
-
-} // namespace gep
-} // namespace ndn
-
-#endif // NDN_GEP_RANDOM_NUMBER_GENERATOR_HPP
diff --git a/src/repetitive-interval.cpp b/src/repetitive-interval.cpp
index a8104d1..fbbe0a9 100644
--- a/src/repetitive-interval.cpp
+++ b/src/repetitive-interval.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -16,12 +16,11 @@
* You should have received a copy of the GNU General Public License along with
* ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
*/
#include "repetitive-interval.hpp"
#include "tlv.hpp"
-
#include <ndn-cxx/encoding/block-helpers.hpp>
#include <ndn-cxx/util/concepts.hpp>
#include <boost/date_time/posix_time/posix_time.hpp>
@@ -78,15 +77,14 @@
size_t totalLength = 0;
// RepeatUnit
- totalLength += prependNonNegativeIntegerBlock(encoder, tlv::RepeatUnit,
- static_cast<size_t>(m_unit));
+ totalLength +=
+ prependNonNegativeIntegerBlock(encoder, tlv::RepeatUnit, static_cast<size_t>(m_unit));
// NRepeat
totalLength += prependNonNegativeIntegerBlock(encoder, tlv::NRepeats, m_nRepeats);
// IntervalEndHour
totalLength += prependNonNegativeIntegerBlock(encoder, tlv::IntervalEndHour, m_intervalEndHour);
// IntervalStartHour
- totalLength += prependNonNegativeIntegerBlock(encoder, tlv::IntervalStartHour,
- m_intervalStartHour);
+ totalLength += prependNonNegativeIntegerBlock(encoder, tlv::IntervalStartHour, m_intervalStartHour);
// EndDate
totalLength += prependStringBlock(encoder, tlv::EndDate, to_iso_string(m_endDate));
// StartDate
diff --git a/src/repetitive-interval.hpp b/src/repetitive-interval.hpp
index 6ac5e68..de9b63c 100644
--- a/src/repetitive-interval.hpp
+++ b/src/repetitive-interval.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -16,7 +16,7 @@
* You should have received a copy of the GNU General Public License along with
* ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
*/
#ifndef NDN_GEP_REPETITIVE_INTERVAL_HPP
@@ -32,7 +32,8 @@
class RepetitiveInterval
{
public:
- enum class RepeatUnit{
+ enum class
+ RepeatUnit {
NONE = 0,
DAY = 1,
MONTH = 2,
diff --git a/src/schedule.cpp b/src/schedule.cpp
index 14635b4..797467a 100644
--- a/src/schedule.cpp
+++ b/src/schedule.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -16,7 +16,7 @@
* You should have received a copy of the GNU General Public License along with
* ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
*/
#include "schedule.hpp"
@@ -36,8 +36,10 @@
* @p negativeR The negative result
*/
static void
-calIntervalResult(const std::set<RepetitiveInterval>& list, const TimeStamp& ts,
- Interval& positiveR, Interval& negativeR)
+calIntervalResult(const std::set<RepetitiveInterval>& list,
+ const TimeStamp& ts,
+ Interval& positiveR,
+ Interval& negativeR)
{
Interval tempInterval;
bool isPositive;
@@ -51,7 +53,7 @@
if (!negativeR.isValid())
negativeR = tempInterval;
else
- negativeR && tempInterval;
+ negativeR&& tempInterval;
}
}
}
@@ -176,22 +178,21 @@
Interval whiteNegativeResult;
// get the blackResult
- calIntervalResult(m_blackIntervalList, ts,
- blackPositiveResult, blackNegativeResult);
+ calIntervalResult(m_blackIntervalList, ts, blackPositiveResult, blackNegativeResult);
// if black positive result is not empty, the result must be false
if (!blackPositiveResult.isEmpty())
return std::make_tuple(false, blackPositiveResult);
// get the whiteResult
- calIntervalResult(m_whiteIntervalList, ts,
- whitePositiveResult, whiteNegativeResult);
+ calIntervalResult(m_whiteIntervalList, ts, whitePositiveResult, whiteNegativeResult);
if (whitePositiveResult.isEmpty() && !whiteNegativeResult.isValid()) {
// there is no white interval covering the timestamp
// return false and a 24-hour interval
- return std::make_tuple(false, Interval(TimeStamp(ts.date(), boost::posix_time::hours(0)),
- TimeStamp(ts.date(), boost::posix_time::hours(24))));
+ return std::make_tuple(false,
+ Interval(TimeStamp(ts.date(), boost::posix_time::hours(0)),
+ TimeStamp(ts.date(), boost::posix_time::hours(24))));
}
if (!whitePositiveResult.isEmpty()) {
diff --git a/src/schedule.hpp b/src/schedule.hpp
index e11b221..a919767 100644
--- a/src/schedule.hpp
+++ b/src/schedule.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014-2015, Regents of the University of California
+ * Copyright (c) 2014-2018, Regents of the University of California
*
* This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
* See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
@@ -16,11 +16,11 @@
* You should have received a copy of the GNU General Public License along with
* ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
*
- * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
+ * @author Zhiyi Zhang <zhiyi@cs.ucla.edu>
*/
-#ifndef NDN_GEP_SECHEDULE_HPP
-#define NDN_GEP_SECHEDULE_HPP
+#ifndef NDN_GEP_SCHEDULE_HPP
+#define NDN_GEP_SCHEDULE_HPP
#include "common.hpp"
#include "repetitive-interval.hpp"
@@ -39,8 +39,7 @@
public:
Schedule();
- explicit
- Schedule(const Block& block);
+ explicit Schedule(const Block& block);
public:
template<encoding::Tag TAG>
@@ -82,4 +81,4 @@
} // namespace gep
} // namespace ndn
-#endif // NDN_GROUP_ENCRYPT_SECHEDULE_HPP
+#endif // NDN_GEP_SCHEDULE_HPP