commit 19a11d2dabe94d8881b74a720fe9006ff6d5ef8a
author Zhiyi Zhang <zhiyi@cs.ucla.edu> Thu Apr 12 22:58:20 2018 -0700
committer Zhiyi Zhang <zhiyi@cs.ucla.edu> Tue Apr 17 21:26:56 2018 -0700
tree a3104058c4f73018311fcb9299fcec1fe9c83ee8
parent 96a085956dec34e3b146b64192bf8be51a4aba0d

port NAC to security v2

This commit is based on Lei Pi's commit, which changed certificate version from v1 to v2.
The later changes fix some bugs and refactor algo part of the library to get rid of cryptopp.

Change-Id: I3be7e0341fe85ee69f1b5f1c3ed7421a6c61d0b5

src/algo/aes.cpp

diff --git a/src/algo/aes.cpp b/src/algo/aes.cpp
index 6a7d2e0..c71946b 100644
--- a/src/algo/aes.cpp
+++ b/src/algo/aes.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2014-2015,  Regents of the University of California
+ * Copyright (c) 2014-2018,  Regents of the University of California
  *
  * This file is part of gep (Group-based Encryption Protocol for NDN).
  * See AUTHORS.md for complete list of gep authors and contributors.
@@ -17,32 +17,27 @@
  * gep, e.g., in COPYING.md file.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include <ndn-cxx/encoding/buffer-stream.hpp>
 #include "aes.hpp"
 #include "error.hpp"
+#include <openssl/rand.h>
+#include <ndn-cxx/encoding/buffer-stream.hpp>
+#include <ndn-cxx/security/transform/buffer-source.hpp>
+#include <ndn-cxx/security/transform/stream-sink.hpp>
 
 namespace ndn {
 namespace gep {
 namespace algo {
 
-using namespace CryptoPP;
-
-static Buffer
-transform(CipherModeBase* cipher, const uint8_t* data, size_t dataLen)
-{
-  OBufferStream obuf;
-  StringSource pipe(data, dataLen, true,
-                    new StreamTransformationFilter(*cipher, new FileSink(obuf)));
-  return *(obuf.buf());
-}
-
 DecryptKey<Aes>
-Aes::generateKey(RandomNumberGenerator& rng, AesKeyParams& params)
+Aes::generateKey(AesKeyParams& params)
 {
-  SecByteBlock key(0x00, params.getKeySize() >> 3);  // Converting key bit-size to byte-size.
-  rng.GenerateBlock(key.data(), key.size());
+  uint8_t key[32];
 
-  DecryptKey<Aes> decryptKey(Buffer(key.data(), key.size()));
+  int result = RAND_bytes(key, sizeof(key));
+  if (result != 1) {
+    BOOST_THROW_EXCEPTION(Error("Cannot generate 32 bytes random AES key"));
+  }
+  DecryptKey<Aes> decryptKey(Buffer(key, sizeof(key)));
   return decryptKey;
 }
 
@@ -59,22 +54,19 @@
              const uint8_t* payload, size_t payloadLen,
              const EncryptParams& params)
 {
-  switch (params.getAlgorithmType()) {
-    case tlv::AlgorithmAesEcb: {
-      ECB_Mode<AES>::Decryption ecbDecryption(key, keyLen);
-      return transform(&ecbDecryption, payload, payloadLen);
-    }
-    case tlv::AlgorithmAesCbc: {
-      const Buffer& initVector = params.getIV();
-      if (initVector.size() != static_cast<size_t>(AES::BLOCKSIZE))
-        throw Error("incorrect initial vector size");
-
-      CBC_Mode<AES>::Decryption cbcDecryption(key, keyLen, initVector.get());
-      return transform(&cbcDecryption, payload, payloadLen);
-    }
-    default:
-      throw Error("unsupported encryption mode");
+  if (params.getAlgorithmType() != tlv::AlgorithmAesCbc) {
+    BOOST_THROW_EXCEPTION(Error("unsupported AES decryption mode"));
   }
+
+  const Buffer& initVector = params.getIV();
+  OBufferStream os;
+  security::transform::bufferSource(payload, payloadLen)
+    >> security::transform::blockCipher(BlockCipherAlgorithm::AES_CBC, CipherOperator::DECRYPT,
+                                        key, keyLen, initVector.data(), initVector.size())
+    >> security::transform::streamSink(os);
+
+  auto result = os.buf();
+  return *result;
 }
 
 Buffer
@@ -82,22 +74,20 @@
              const uint8_t* payload, size_t payloadLen,
              const EncryptParams& params)
 {
-  switch (params.getAlgorithmType()) {
-    case tlv::AlgorithmAesEcb: {
-      ECB_Mode<AES>::Encryption ecbEncryption(key, keyLen);
-      return transform(&ecbEncryption, payload, payloadLen);
-    }
-    case tlv::AlgorithmAesCbc: {
-      const Buffer& initVector = params.getIV();
-      if (initVector.size() != static_cast<size_t>(AES::BLOCKSIZE))
-        throw Error("incorrect initial vector size");
-
-      CBC_Mode<AES>::Encryption cbcEncryption(key, keyLen, initVector.get());
-      return transform(&cbcEncryption, payload, payloadLen);
-    }
-    default:
-      throw Error("unsupported encryption mode");
+  if (params.getAlgorithmType() != tlv::AlgorithmAesCbc) {
+    BOOST_THROW_EXCEPTION(Error("unsupported AES decryption mode"));
   }
+
+  const Buffer& initVector = params.getIV();
+  OBufferStream os;
+  security::transform::bufferSource(payload, payloadLen)
+    >> security::transform::blockCipher(BlockCipherAlgorithm::AES_CBC,
+                                        CipherOperator::ENCRYPT,
+                                        key, keyLen, initVector.data(), initVector.size())
+    >> security::transform::streamSink(os);
+
+  auto result = os.buf();
+  return *result;
 }
 
 } // namespace algo