Adding Encryptor class to encrypt content and place in Data packets.
Change-Id: Ie77fd51b58091bbbb182ab9197a58a55b183654c
Refs: #3014
diff --git a/src/algo/aes.cpp b/src/algo/aes.cpp
index 07cb788..1bcb6b6 100644
--- a/src/algo/aes.cpp
+++ b/src/algo/aes.cpp
@@ -19,6 +19,7 @@
#include <ndn-cxx/encoding/buffer-stream.hpp>
#include "aes.hpp"
+#include "error.hpp"
namespace ndn {
namespace gep {
@@ -26,8 +27,14 @@
using namespace CryptoPP;
-Buffer
-crypt(CipherModeBase* cipher, const Buffer& data);
+static Buffer
+transform(CipherModeBase* cipher, const uint8_t* data, size_t dataLen)
+{
+ OBufferStream obuf;
+ StringSource pipe(data, dataLen, true,
+ new StreamTransformationFilter(*cipher, new FileSink(obuf)));
+ return *(obuf.buf());
+}
DecryptKey<Aes>
Aes::generateKey(RandomNumberGenerator& rng, AesKeyParams& params)
@@ -48,64 +55,51 @@
}
Buffer
-Aes::decrypt(const Buffer& keyBits, const Buffer& encryptedData, const EncryptParams& params)
+Aes::decrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params)
{
- switch (params.getEncryptMode()) {
- case ENCRYPT_MODE_ECB_AES:
- {
- ECB_Mode<AES>::Decryption ecbDecryption(keyBits.get(), keyBits.size());
- return crypt(&ecbDecryption, encryptedData);
+ switch (params.getAlgorithmType()) {
+ case tlv::AlgorithmAesEcb: {
+ ECB_Mode<AES>::Decryption ecbDecryption(key, keyLen);
+ return transform(&ecbDecryption, payload, payloadLen);
}
-
- case ENCRYPT_MODE_CBC_AES:
- {
- Buffer initVector = params.getIV();
+ case tlv::AlgorithmAesCbc: {
+ const Buffer& initVector = params.getIV();
if (initVector.size() != static_cast<size_t>(AES::BLOCKSIZE))
throw Error("incorrect initial vector size");
- CBC_Mode<AES>::Decryption cbcDecryption(keyBits.get(), keyBits.size(), initVector.get());
- return crypt(&cbcDecryption, encryptedData);
+ CBC_Mode<AES>::Decryption cbcDecryption(key, keyLen, initVector.get());
+ return transform(&cbcDecryption, payload, payloadLen);
}
-
- default:
- throw Error("unsupported encryption mode");
+ default:
+ throw Error("unsupported encryption mode");
}
}
Buffer
-Aes::encrypt(const Buffer& keyBits, const Buffer& plainData, const EncryptParams& params)
+Aes::encrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params)
{
- switch (params.getEncryptMode()) {
- case ENCRYPT_MODE_ECB_AES:
- {
- ECB_Mode<AES>::Encryption ecbEncryption(keyBits.get(), keyBits.size());
- return crypt(&ecbEncryption, plainData);
+ switch (params.getAlgorithmType()) {
+ case tlv::AlgorithmAesEcb: {
+ ECB_Mode<AES>::Encryption ecbEncryption(key, keyLen);
+ return transform(&ecbEncryption, payload, payloadLen);
}
-
- case ENCRYPT_MODE_CBC_AES:
- {
- Buffer initVector = params.getIV();
+ case tlv::AlgorithmAesCbc: {
+ const Buffer& initVector = params.getIV();
if (initVector.size() != static_cast<size_t>(AES::BLOCKSIZE))
throw Error("incorrect initial vector size");
- CBC_Mode<AES>::Encryption cbcEncryption(keyBits.get(), keyBits.size(), initVector.get());
- return crypt(&cbcEncryption, plainData);
+ CBC_Mode<AES>::Encryption cbcEncryption(key, keyLen, initVector.get());
+ return transform(&cbcEncryption, payload, payloadLen);
}
-
- default:
- throw Error("unsupported encryption mode");
+ default:
+ throw Error("unsupported encryption mode");
}
}
-Buffer
-crypt(CipherModeBase* cipher, const Buffer& data)
-{
- OBufferStream obuf;
- StringSource pipe(data.get(), data.size(), true,
- new StreamTransformationFilter(*cipher, new FileSink(obuf)));
- return *(obuf.buf());
-}
-
} // namespace algo
} // namespace gep
} // namespace ndn
diff --git a/src/algo/aes.hpp b/src/algo/aes.hpp
index 931b28d..657d6c0 100644
--- a/src/algo/aes.hpp
+++ b/src/algo/aes.hpp
@@ -24,7 +24,7 @@
#include "random-number-generator.hpp"
#include "algo/encrypt-params.hpp"
#include "decrypt-key.hpp"
-#include "error.hpp"
+
namespace ndn {
namespace gep {
@@ -40,10 +40,14 @@
deriveEncryptKey(const Buffer& keyBits);
static Buffer
- decrypt(const Buffer& keyBits, const Buffer& encryptedData, const EncryptParams& params);
+ decrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params);
static Buffer
- encrypt(const Buffer& keyBits, const Buffer& plainData, const EncryptParams& params);
+ encrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params);
};
typedef DecryptKey<Aes> AesEncryptKey;
diff --git a/src/algo/encrypt-params.cpp b/src/algo/encrypt-params.cpp
index 296cb22..1e7a3a0 100644
--- a/src/algo/encrypt-params.cpp
+++ b/src/algo/encrypt-params.cpp
@@ -24,9 +24,8 @@
namespace gep {
namespace algo {
-EncryptParams::EncryptParams(EncryptionMode encryptMode, PaddingScheme paddingScheme, uint8_t ivLength = 0)
- : m_encryptMode(encryptMode)
- , m_paddingScheme(paddingScheme)
+EncryptParams::EncryptParams(tlv::AlgorithmTypeValue algorithm, uint8_t ivLength)
+ : m_algo(algorithm)
{
if (ivLength != 0){
RandomNumberGenerator rng;
@@ -36,21 +35,15 @@
}
void
-EncryptParams::setIV(const Buffer& iv)
+EncryptParams::setIV(const uint8_t* iv, size_t ivLen)
{
- m_iv = iv;
+ m_iv = Buffer(iv, ivLen);
}
void
-EncryptParams::setEncryptMode(const EncryptionMode& encryptMode)
+EncryptParams::setAlgorithmType(tlv::AlgorithmTypeValue algorithm)
{
- m_encryptMode = encryptMode;
-}
-
-void
-EncryptParams::setPaddingScheme(const PaddingScheme& paddingScheme)
-{
- m_paddingScheme = paddingScheme;
+ m_algo = algorithm;
}
Buffer
@@ -59,18 +52,12 @@
return m_iv;
}
-EncryptionMode
-EncryptParams::getEncryptMode() const
+tlv::AlgorithmTypeValue
+EncryptParams::getAlgorithmType() const
{
- return m_encryptMode;
-}
-
-PaddingScheme
-EncryptParams::getPaddingScheme() const
-{
- return m_paddingScheme;
+ return m_algo;
}
} // namespace algo
} // namespace gep
-} // namespace ndn
\ No newline at end of file
+} // namespace ndn
diff --git a/src/algo/encrypt-params.hpp b/src/algo/encrypt-params.hpp
index 2be5d99..80b97a3 100644
--- a/src/algo/encrypt-params.hpp
+++ b/src/algo/encrypt-params.hpp
@@ -2,55 +2,31 @@
#define NDN_GEP_ENCRYPT_PARAMS_HPP
#include <ndn-cxx/encoding/buffer-stream.hpp>
+#include "tlv.hpp"
namespace ndn {
namespace gep {
-
-enum EncryptionMode {
- ENCRYPT_MODE_ECB_AES,
- ENCRYPT_MODE_CBC_AES,
- ENCRYPT_MODE_RSA
-};
-
-enum PaddingScheme {
- PADDING_SCHEME_PKCS7,
- PADDING_SCHEME_PKCS1v15,
- PADDING_SCHEME_OAEP_SHA
-};
-
namespace algo {
class EncryptParams
{
public:
- EncryptParams(EncryptionMode encryptMode, PaddingScheme paddingScheme, uint8_t ivLength);
-
- virtual
- ~EncryptParams()
- {
- }
+ EncryptParams(tlv::AlgorithmTypeValue algorithm, uint8_t ivLength = 0);
void
- setIV(const Buffer& iv);
+ setIV(const uint8_t* iv, size_t ivLen);
void
- setEncryptMode(const EncryptionMode& encryptMode);
-
- void
- setPaddingScheme(const PaddingScheme& paddingScheme);
+ setAlgorithmType(tlv::AlgorithmTypeValue algorithm);
Buffer
getIV() const;
- EncryptionMode
- getEncryptMode() const;
-
- PaddingScheme
- getPaddingScheme() const;
+ tlv::AlgorithmTypeValue
+ getAlgorithmType() const;
private:
- EncryptionMode m_encryptMode;
- PaddingScheme m_paddingScheme;
+ tlv::AlgorithmTypeValue m_algo;
Buffer m_iv;
};
diff --git a/src/algo/rsa.cpp b/src/algo/rsa.cpp
index 66361fb..f5fe848 100644
--- a/src/algo/rsa.cpp
+++ b/src/algo/rsa.cpp
@@ -19,6 +19,7 @@
#include <ndn-cxx/encoding/buffer-stream.hpp>
#include "rsa.hpp"
+#include "error.hpp"
namespace ndn {
namespace gep {
@@ -26,8 +27,15 @@
using namespace CryptoPP;
-Buffer
-crypt(SimpleProxyFilter* filter, const Buffer& data);
+static Buffer
+transform(SimpleProxyFilter* filter, const uint8_t* data, size_t dataLen)
+{
+ OBufferStream obuf;
+ filter->Attach(new FileSink(obuf));
+
+ StringSource pipe(data, dataLen, true, filter);
+ return *(obuf.buf());
+}
DecryptKey<Rsa>
Rsa::generateKey(RandomNumberGenerator& rng, RsaKeyParams& params)
@@ -61,75 +69,61 @@
}
Buffer
-Rsa::decrypt(const Buffer& keyBits, const Buffer& encryptedData, const EncryptParams& params)
+Rsa::decrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params)
{
AutoSeededRandomPool rng;
RSA::PrivateKey privateKey;
ByteQueue keyQueue;
- keyQueue.LazyPut(keyBits.data(), keyBits.size());
+ keyQueue.LazyPut(key, keyLen);
privateKey.Load(keyQueue);
- switch (params.getPaddingScheme()) {
- case PADDING_SCHEME_PKCS1v15:
- {
+ switch (params.getAlgorithmType()) {
+ case tlv::AlgorithmRsaPkcs: {
RSAES_PKCS1v15_Decryptor decryptor_pkcs1v15(privateKey);
PK_DecryptorFilter* filter_pkcs1v15 = new PK_DecryptorFilter(rng, decryptor_pkcs1v15);
- return crypt(filter_pkcs1v15, encryptedData);
+ return transform(filter_pkcs1v15, payload, payloadLen);
}
-
- case PADDING_SCHEME_OAEP_SHA:
- {
+ case tlv::AlgorithmRsaOaep: {
RSAES_OAEP_SHA_Decryptor decryptor_oaep_sha(privateKey);
PK_DecryptorFilter* filter_oaep_sha = new PK_DecryptorFilter(rng, decryptor_oaep_sha);
- return crypt(filter_oaep_sha, encryptedData);
+ return transform(filter_oaep_sha, payload, payloadLen);
}
-
- default:
- throw Error("unsupported padding scheme");
+ default:
+ throw Error("unsupported padding scheme");
}
}
Buffer
-Rsa::encrypt(const Buffer& keyBits, const Buffer& plainData, const EncryptParams& params)
+Rsa::encrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params)
{
AutoSeededRandomPool rng;
RSA::PublicKey publicKey;
ByteQueue keyQueue;
- keyQueue.LazyPut(keyBits.data(), keyBits.size());
+ keyQueue.LazyPut(key, keyLen);
publicKey.Load(keyQueue);
- switch (params.getPaddingScheme()) {
- case PADDING_SCHEME_PKCS1v15:
- {
+ switch (params.getAlgorithmType()) {
+ case tlv::AlgorithmRsaPkcs: {
RSAES_PKCS1v15_Encryptor encryptor_pkcs1v15(publicKey);
PK_EncryptorFilter* filter_pkcs1v15 = new PK_EncryptorFilter(rng, encryptor_pkcs1v15);
- return crypt(filter_pkcs1v15, plainData);
+ return transform(filter_pkcs1v15, payload, payloadLen);
}
-
- case PADDING_SCHEME_OAEP_SHA:
- {
+ case tlv::AlgorithmRsaOaep: {
RSAES_OAEP_SHA_Encryptor encryptor_oaep_sha(publicKey);
PK_EncryptorFilter* filter_oaep_sha = new PK_EncryptorFilter(rng, encryptor_oaep_sha);
- return crypt(filter_oaep_sha, plainData);
+ return transform(filter_oaep_sha, payload, payloadLen);
}
-
- default:
- throw Error("unsupported padding scheme");
+ default:
+ throw Error("unsupported padding scheme");
}
}
-Buffer
-crypt(SimpleProxyFilter* filter, const Buffer& data)
-{
- OBufferStream obuf;
- filter->Attach(new FileSink(obuf));
-
- StringSource pipe(data.get(), data.size(), true, filter);
- return *(obuf.buf());
-}
-
} // namespace algo
} // namespace gep
} // namespace ndn
diff --git a/src/algo/rsa.hpp b/src/algo/rsa.hpp
index 7d4567b..c1d3a8b 100644
--- a/src/algo/rsa.hpp
+++ b/src/algo/rsa.hpp
@@ -21,11 +21,9 @@
#define NDN_GEP_ALGO_RSA_HPP
#include <ndn-cxx/security/key-params.hpp>
-
#include "random-number-generator.hpp"
#include "algo/encrypt-params.hpp"
#include "decrypt-key.hpp"
-#include "error.hpp"
namespace ndn {
namespace gep {
@@ -41,10 +39,14 @@
deriveEncryptKey(const Buffer& keyBits);
static Buffer
- decrypt(const Buffer& keyBits, const Buffer& encryptedData, const EncryptParams& params);
+ decrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params);
static Buffer
- encrypt(const Buffer& keyBits, const Buffer& plainData, const EncryptParams& params);
+ encrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params);
};
typedef DecryptKey<Rsa> RsaPrivateKey;
diff --git a/src/encrypted-content.cpp b/src/encrypted-content.cpp
index 29f8ceb..3e0879f 100644
--- a/src/encrypted-content.cpp
+++ b/src/encrypted-content.cpp
@@ -20,13 +20,15 @@
}
EncryptedContent::EncryptedContent(tlv::AlgorithmTypeValue type, const KeyLocator& keyLocator,
- ConstBufferPtr payload, ConstBufferPtr iv)
+ const uint8_t* payload, size_t payloadLen,
+ const uint8_t* iv, size_t ivLen)
: m_type(type)
, m_hasKeyLocator(true)
, m_keyLocator(keyLocator)
- , m_payload(payload)
- , m_iv(iv)
+ , m_payload(payload, payloadLen)
{
+ if (iv != nullptr && ivLen != 0)
+ m_iv = Buffer(iv, ivLen);
}
EncryptedContent::EncryptedContent(const Block& block)
@@ -59,26 +61,26 @@
}
void
-EncryptedContent::setInitialVector(ConstBufferPtr iv)
+EncryptedContent::setInitialVector(const uint8_t* iv, size_t ivLen)
{
m_wire.reset();
- m_iv = iv;
+ m_iv = Buffer(iv, ivLen);
}
-ConstBufferPtr
+const Buffer&
EncryptedContent::getInitialVector() const
{
return m_iv;
}
void
-EncryptedContent::setPayload(ConstBufferPtr payload)
+EncryptedContent::setPayload(const uint8_t* payload, size_t payloadLen)
{
m_wire.reset();
- m_payload = payload;
+ m_payload = Buffer(payload, payloadLen);
}
-ConstBufferPtr
+const Buffer&
EncryptedContent::getPayload() const
{
return m_payload;
@@ -90,13 +92,14 @@
{
size_t totalLength = 0;
- if (m_payload != nullptr)
- totalLength += block.prependByteArrayBlock(tlv::EncryptedPayload, m_payload->buf(), m_payload->size());
+ if (m_payload.size() != 0)
+ totalLength += block.prependByteArrayBlock(tlv::EncryptedPayload, m_payload.buf(), m_payload.size());
else
throw Error("EncryptedContent does not have a payload");
- if (m_iv != nullptr)
- totalLength += block.prependByteArrayBlock(tlv::InitialVector, m_iv->buf(), m_iv->size());
+ if (m_iv.size() != 0) {
+ totalLength += block.prependByteArrayBlock(tlv::InitialVector, m_iv.buf(), m_iv.size());
+ }
if (m_type != -1)
totalLength += prependNonNegativeIntegerBlock(block, tlv::EncryptionAlgorithm, m_type);
@@ -162,14 +165,14 @@
throw Error("EncryptedContent does not have encryption algorithm");
if (it != m_wire.elements_end() && it->type() == tlv::InitialVector) {
- m_iv = make_shared<Buffer>(it->value_begin(), it->value_end());
+ m_iv = Buffer(it->value_begin(), it->value_end());
it++;
}
else
- m_iv = nullptr;
+ m_iv = Buffer();
if (it != m_wire.elements_end() && it->type() == tlv::EncryptedPayload) {
- m_payload = make_shared<Buffer>(it->value_begin(), it->value_end());
+ m_payload = Buffer(it->value_begin(), it->value_end());
it++;
}
else
diff --git a/src/encrypted-content.hpp b/src/encrypted-content.hpp
index c31d705..2d861a3 100644
--- a/src/encrypted-content.hpp
+++ b/src/encrypted-content.hpp
@@ -27,7 +27,8 @@
EncryptedContent();
EncryptedContent(tlv::AlgorithmTypeValue type, const KeyLocator& keyLocator,
- ConstBufferPtr payload, ConstBufferPtr iv = nullptr);
+ const uint8_t* payload, size_t payloadLen,
+ const uint8_t* iv = 0, size_t ivLen = 0);
explicit
EncryptedContent(const Block& block);
@@ -54,15 +55,15 @@
getKeyLocator() const;
void
- setInitialVector(ConstBufferPtr iv);
+ setInitialVector(const uint8_t* iv, size_t ivLen);
- ConstBufferPtr
+ const Buffer&
getInitialVector() const;
void
- setPayload(ConstBufferPtr payload);
+ setPayload(const uint8_t* payload, size_t payloadLen);
- ConstBufferPtr
+ const Buffer&
getPayload() const;
template<encoding::Tag TAG>
@@ -88,8 +89,8 @@
int32_t m_type;
bool m_hasKeyLocator;
KeyLocator m_keyLocator;
- ConstBufferPtr m_payload;
- ConstBufferPtr m_iv;
+ Buffer m_payload;
+ Buffer m_iv;
mutable Block m_wire;
};
diff --git a/src/encryptor.cpp b/src/encryptor.cpp
new file mode 100644
index 0000000..06ee785
--- /dev/null
+++ b/src/encryptor.cpp
@@ -0,0 +1,153 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2015, Regents of the University of California
+ *
+ * This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
+ * See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
+ *
+ * ndn-group-encrypt is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-group-encrypt is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "encryptor.hpp"
+#include "random-number-generator.hpp"
+#include "encrypted-content.hpp"
+#include "algo/aes.hpp"
+#include "algo/rsa.hpp"
+
+#include "algo/error.hpp"
+
+namespace ndn {
+namespace gep {
+namespace algo {
+
+using namespace CryptoPP;
+
+/**
+ * @brief Helper method for symmetric encryption
+ *
+ * Encrypt @p payload using @p key according to @p params.
+ *
+ * @return An EncryptedContent
+ */
+static EncryptedContent
+encryptSymmetric(const uint8_t* payload, size_t payloadLen,
+ const uint8_t* key, size_t keyLen,
+ const Name& keyName, const EncryptParams& params)
+{
+ tlv::AlgorithmTypeValue algType = params.getAlgorithmType();
+ const Buffer& iv = params.getIV();
+ KeyLocator keyLocator(keyName);
+
+ switch (algType) {
+ case tlv::AlgorithmAesCbc:
+ case tlv::AlgorithmAesEcb: {
+ BOOST_ASSERT(iv.size() == static_cast<size_t>(AES::BLOCKSIZE));
+
+ const Buffer& encryptedPayload = Aes::encrypt(key, keyLen, payload, payloadLen, params);
+ return EncryptedContent(algType, keyLocator, encryptedPayload.buf(), encryptedPayload.size(), iv.buf(), iv.size());
+ }
+ default: {
+ BOOST_ASSERT(false);
+ throw algo::Error("Unsupported encryption method");
+ }
+ }
+}
+
+/**
+ * @brief Helper method for asymmetric encryption
+ *
+ * Encrypt @p payload using @p key according to @p params.
+ *
+ * @pre @p payloadLen should be within the range of the key.
+ * @return An EncryptedContent
+ */
+static EncryptedContent
+encryptAsymmetric(const uint8_t* payload, size_t payloadLen,
+ const uint8_t* key, size_t keyLen,
+ const Name& keyName, const EncryptParams& params)
+{
+ tlv::AlgorithmTypeValue algType = params.getAlgorithmType();
+ KeyLocator keyLocator(keyName);
+
+ switch (algType) {
+ case tlv::AlgorithmRsaPkcs:
+ case tlv::AlgorithmRsaOaep: {
+ Buffer encryptedPayload = Rsa::encrypt(key, keyLen, payload, payloadLen, params);
+ return EncryptedContent(algType, keyLocator, encryptedPayload.buf(), encryptedPayload.size());
+ }
+ default: {
+ BOOST_ASSERT(false);
+ throw algo::Error("Unsupported encryption method");
+ }
+ }
+}
+
+void
+encryptData(Data& data, const uint8_t* payload, size_t payloadLen,
+ const Name& keyName, const uint8_t* key, size_t keyLen,
+ const EncryptParams& params)
+{
+ switch(params.getAlgorithmType()) {
+ case tlv::AlgorithmAesCbc:
+ case tlv::AlgorithmAesEcb: {
+ const EncryptedContent& content = encryptSymmetric(payload, payloadLen, key, keyLen, keyName, params);
+ data.setContent(content.wireEncode());
+ break;
+ }
+ case tlv::AlgorithmRsaPkcs:
+ case tlv::AlgorithmRsaOaep: {
+ size_t maxPlaintextLength = 0;
+ RSA::PublicKey publicKey;
+ ByteQueue keyQueue;
+
+ keyQueue.LazyPut(key, keyLen);
+ publicKey.Load(keyQueue);
+ RSAES_PKCS1v15_Encryptor enc(publicKey);
+ maxPlaintextLength = enc.FixedMaxPlaintextLength();
+
+ if (maxPlaintextLength < payloadLen) {
+ RandomNumberGenerator rng;
+ SecByteBlock nonceKey(0x00, 16); // 128 bits key.
+ rng.GenerateBlock(nonceKey.data(), nonceKey.size());
+
+ Name nonceKeyName(keyName);
+ nonceKeyName.append("nonce");
+
+ EncryptParams symParams(tlv::AlgorithmAesCbc, AES::BLOCKSIZE);
+
+ const EncryptedContent& nonceContent =
+ encryptSymmetric(payload, payloadLen, nonceKey.data(), nonceKey.size(), nonceKeyName, symParams);
+
+ const EncryptedContent& payloadContent =
+ encryptAsymmetric(nonceKey.data(), nonceKey.size(), key, keyLen, keyName, params);
+
+ Block content(tlv::Content);
+ content.push_back(payloadContent.wireEncode());
+ content.push_back(nonceContent.wireEncode());
+
+ data.setContent(content);
+ return;
+ }
+ else {
+ const EncryptedContent& content = encryptAsymmetric(payload, payloadLen, key, keyLen, keyName, params);
+ data.setContent(content.wireEncode());
+ return;
+ }
+ }
+ default:
+ throw algo::Error("Unsupported encryption method");
+ }
+}
+
+} // namespace algo
+} // namespace gep
+} // namespace ndn
diff --git a/src/encryptor.hpp b/src/encryptor.hpp
new file mode 100644
index 0000000..ceda667
--- /dev/null
+++ b/src/encryptor.hpp
@@ -0,0 +1,50 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2015, Regents of the University of California
+ *
+ * This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
+ * See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
+ *
+ * ndn-group-encrypt is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-group-encrypt is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef NDN_ENCRYPTOR_HPP
+#define NDN_ENCRYPTOR_HPP
+
+#include <ndn-cxx/data.hpp>
+#include "algo/encrypt-params.hpp"
+
+namespace ndn {
+namespace gep {
+namespace algo {
+
+/**
+ * @brief Prepare an encrypted data packet.
+ *
+ * This method will encrypt @p payload using @p key according to @p params.
+ * In addition, it will prepare the EncryptedContent TLVs with the encryption
+ * result with @p keyName and @p params. The TLV will be set as the content of
+ * @p data. If @p params defines an asymmetric encryption and the payload is
+ * larger than the max plaintext size, this method will encrypt the payload
+ * with a symmetric key that will be asymmetrically encrypted and provided as
+ * a nonce in the content of @p data.
+ */
+void
+encryptData(Data& data, const uint8_t* payload, size_t payloadLen,
+ const Name& keyName, const uint8_t* key, size_t keyLen,
+ const EncryptParams& params);
+
+} // namespace algo
+} // namespace gep
+} // namespace ndn
+
+#endif // NDN_ENCRYPTOR_HPP
diff --git a/src/tlv.hpp b/src/tlv.hpp
index 5c0c6ef..26444ac 100644
--- a/src/tlv.hpp
+++ b/src/tlv.hpp
@@ -48,8 +48,10 @@
};
enum AlgorithmTypeValue {
- AlgorithmSha256WithRsa = 0,
- AlgorithmSha256WithEcdsa = 1
+ AlgorithmAesEcb = 0,
+ AlgorithmAesCbc = 1,
+ AlgorithmRsaPkcs = 2,
+ AlgorithmRsaOaep = 3
};
} // namespace tlv
diff --git a/tests/unit-tests/aes.t.cpp b/tests/unit-tests/aes.t.cpp
index 46787cc..9d15726 100644
--- a/tests/unit-tests/aes.t.cpp
+++ b/tests/unit-tests/aes.t.cpp
@@ -63,48 +63,42 @@
RandomNumberGenerator rng;
AesKeyParams params;
- EncryptParams eparams(ENCRYPT_MODE_ECB_AES, PADDING_SCHEME_PKCS7, 16);
+ EncryptParams eparams(tlv::AlgorithmAesEcb, 16);
DecryptKey<Aes> decryptKey(std::move(Buffer(key, sizeof(key))));
EncryptKey<Aes> encryptKey = Aes::deriveEncryptKey(decryptKey.getKeyBits());
- Buffer plainBuf(plaintext, sizeof(plaintext));
+ // check if loading key and key derivation
+ BOOST_CHECK_EQUAL_COLLECTIONS(encryptKey.getKeyBits().begin(), encryptKey.getKeyBits().end(), key, key + sizeof(key));
+ BOOST_CHECK_EQUAL_COLLECTIONS(decryptKey.getKeyBits().begin(), decryptKey.getKeyBits().end(), key, key + sizeof(key));
- Buffer cipherBuf = Aes::encrypt(encryptKey.getKeyBits(), plainBuf, eparams);
- BOOST_CHECK_EQUAL_COLLECTIONS(cipherBuf.begin(),
- cipherBuf.end(),
- ciphertext_ecb,
- ciphertext_ecb + sizeof(ciphertext_ecb));
+ // encrypt data in AES_ECB
+ Buffer cipherBuf = Aes::encrypt(key, sizeof(key), plaintext, sizeof(plaintext), eparams);
+ BOOST_CHECK_EQUAL_COLLECTIONS(cipherBuf.begin(), cipherBuf.end(),
+ ciphertext_ecb, ciphertext_ecb + sizeof(ciphertext_ecb));
- Buffer recvBuf = Aes::decrypt(decryptKey.getKeyBits(), cipherBuf, eparams);
- BOOST_CHECK_EQUAL_COLLECTIONS(recvBuf.begin(),
- recvBuf.end(),
- plaintext,
- plaintext + sizeof(plaintext));
+ // decrypt data in AES_ECB
+ Buffer recvBuf = Aes::decrypt(key, sizeof(key), cipherBuf.buf(), cipherBuf.size(), eparams);
+ BOOST_CHECK_EQUAL_COLLECTIONS(recvBuf.begin(), recvBuf.end(),
+ plaintext, plaintext + sizeof(plaintext));
- eparams.setEncryptMode(ENCRYPT_MODE_CBC_AES);
+ // encrypt/decrypt data in AES_CBC with auto-generated IV
+ eparams.setAlgorithmType(tlv::AlgorithmAesCbc);
+ cipherBuf = Aes::encrypt(key, sizeof(key), plaintext, sizeof(plaintext), eparams);
+ recvBuf = Aes::decrypt(key, sizeof(key), cipherBuf.buf(), cipherBuf.size(), eparams);
+ BOOST_CHECK_EQUAL_COLLECTIONS(recvBuf.begin(), recvBuf.end(),
+ plaintext, plaintext + sizeof(plaintext));
- cipherBuf = Aes::encrypt(encryptKey.getKeyBits(), plainBuf, eparams);
- recvBuf = Aes::decrypt(decryptKey.getKeyBits(), cipherBuf, eparams);
- BOOST_CHECK_EQUAL_COLLECTIONS(recvBuf.begin(),
- recvBuf.end(),
- plaintext,
- plaintext + sizeof(plaintext));
+ // encrypt data in AES_CBC with specified IV
+ eparams.setIV(initvector, 16);
+ cipherBuf = Aes::encrypt(key, sizeof(key), plaintext, sizeof(plaintext), eparams);
+ BOOST_CHECK_EQUAL_COLLECTIONS(cipherBuf.begin(), cipherBuf.end(),
+ ciphertext_cbc_iv, ciphertext_cbc_iv + sizeof(ciphertext_cbc_iv));
- Buffer iv(initvector, 16);
- eparams.setIV(iv);
-
- cipherBuf = Aes::encrypt(encryptKey.getKeyBits(), plainBuf, eparams);
- BOOST_CHECK_EQUAL_COLLECTIONS(cipherBuf.begin(),
- cipherBuf.end(),
- ciphertext_cbc_iv,
- ciphertext_cbc_iv + sizeof(ciphertext_cbc_iv));
-
- recvBuf = Aes::decrypt(decryptKey.getKeyBits(), cipherBuf, eparams);
- BOOST_CHECK_EQUAL_COLLECTIONS(recvBuf.begin(),
- recvBuf.end(),
- plaintext,
- plaintext + sizeof(plaintext));
+ // decrypt data in AES_CBC with specified IV
+ recvBuf = Aes::decrypt(key, sizeof(key), cipherBuf.buf(), cipherBuf.size(), eparams);
+ BOOST_CHECK_EQUAL_COLLECTIONS(recvBuf.begin(), recvBuf.end(),
+ plaintext, plaintext + sizeof(plaintext));
}
BOOST_AUTO_TEST_SUITE_END()
diff --git a/tests/unit-tests/encrypted-content.t.cpp b/tests/unit-tests/encrypted-content.t.cpp
index 878d0e9..d462c93 100644
--- a/tests/unit-tests/encrypted-content.t.cpp
+++ b/tests/unit-tests/encrypted-content.t.cpp
@@ -39,7 +39,7 @@
0x08, 0x07,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, // 'locator'
0x83, 0x01, // EncryptedAlgorithm
- 0x00,
+ 0x03,
0x85, 0x0a, // InitialVector
0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73,
0x84, 0x07, // EncryptedPayload
@@ -57,7 +57,7 @@
0x08, 0x07,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, // 'locator'
0x83, 0x01, // EncryptedAlgorithm
- 0x00,
+ 0x03,
0x84, 0x07, // EncryptedPayload
0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74
};
@@ -74,28 +74,29 @@
{
EncryptedContent content;
BOOST_CHECK_EQUAL(content.getAlgorithmType(), -1);
- BOOST_CHECK_EQUAL(content.getPayload() == nullptr, true);
- BOOST_CHECK_EQUAL(content.getInitialVector() == nullptr, true);
+ BOOST_CHECK_EQUAL((content.getPayload()).size(), 0);
+ BOOST_CHECK_EQUAL((content.getInitialVector()).size(), 0);
BOOST_CHECK_EQUAL(content.hasKeyLocator(), false);
BOOST_CHECK_THROW(content.getKeyLocator(), EncryptedContent::Error);
- ConstBufferPtr payload = make_shared<Buffer>(message, sizeof(message));
- ConstBufferPtr initialVector = make_shared<Buffer>(iv, sizeof(iv));
+ Buffer payload(message, sizeof(message));
+ //Buffer initialVector(iv, sizeof(iv));
KeyLocator keyLocator("test/key/locator");
- EncryptedContent sha256RsaContent(tlv::AlgorithmSha256WithRsa, keyLocator, payload, initialVector);
- ConstBufferPtr contentPayload = sha256RsaContent.getPayload();
- ConstBufferPtr contentInitialVector = sha256RsaContent.getInitialVector();
+ EncryptedContent sha256RsaContent(tlv::AlgorithmRsaOaep, keyLocator,
+ message, sizeof(message), iv, sizeof(iv));
+ const Buffer& contentPayload = sha256RsaContent.getPayload();
+ const Buffer& contentInitialVector = sha256RsaContent.getInitialVector();
- BOOST_CHECK_EQUAL(sha256RsaContent.getAlgorithmType(), tlv::AlgorithmSha256WithRsa);
- BOOST_CHECK_EQUAL_COLLECTIONS(contentPayload->begin(),
- contentPayload->end(),
- payload->begin(),
- payload->end());
- BOOST_CHECK_EQUAL_COLLECTIONS(contentInitialVector->begin(),
- contentInitialVector->end(),
- initialVector->begin(),
- initialVector->end());
+ BOOST_CHECK_EQUAL(sha256RsaContent.getAlgorithmType(), tlv::AlgorithmRsaOaep);
+ BOOST_CHECK_EQUAL_COLLECTIONS(contentPayload.begin(),
+ contentPayload.end(),
+ payload.begin(),
+ payload.end());
+ BOOST_CHECK_EQUAL_COLLECTIONS(contentInitialVector.begin(),
+ contentInitialVector.end(),
+ iv,
+ iv + sizeof(iv));
BOOST_CHECK_EQUAL(sha256RsaContent.hasKeyLocator(), true);
BOOST_CHECK_NO_THROW(sha256RsaContent.getKeyLocator());
BOOST_CHECK_EQUAL(sha256RsaContent.getKeyLocator().getName(), Name("test/key/locator"));
@@ -109,30 +110,32 @@
encoded.wire() + encoded.size());
sha256RsaContent = EncryptedContent(encryptedBlock);
- contentPayload = sha256RsaContent.getPayload();
- contentInitialVector = sha256RsaContent.getInitialVector();
+ const Buffer& contentPayloadBlock = sha256RsaContent.getPayload();
+ const Buffer& contentInitialVectorBlock = sha256RsaContent.getInitialVector();
- BOOST_CHECK_EQUAL(sha256RsaContent.getAlgorithmType(), tlv::AlgorithmSha256WithRsa);
+ BOOST_CHECK_EQUAL(sha256RsaContent.getAlgorithmType(), tlv::AlgorithmRsaOaep);
BOOST_CHECK_EQUAL(sha256RsaContent.hasKeyLocator(), true);
- BOOST_CHECK_EQUAL_COLLECTIONS(contentPayload->begin(),
- contentPayload->end(),
- payload->begin(),
- payload->end());
- BOOST_CHECK_EQUAL_COLLECTIONS(contentInitialVector->begin(),
- contentInitialVector->end(),
- initialVector->begin(),
- initialVector->end());
+ BOOST_CHECK_EQUAL_COLLECTIONS(contentPayloadBlock.begin(),
+ contentPayloadBlock.end(),
+ payload.begin(),
+ payload.end());
+ BOOST_CHECK_EQUAL_COLLECTIONS(contentInitialVectorBlock.begin(),
+ contentInitialVectorBlock.end(),
+ iv,
+ iv + sizeof(iv));
BOOST_CHECK_NO_THROW(sha256RsaContent.getKeyLocator());
BOOST_CHECK_EQUAL(sha256RsaContent.getKeyLocator().getName(), Name("test/key/locator"));
- sha256RsaContent = EncryptedContent(tlv::AlgorithmSha256WithRsa, keyLocator, payload);
+ sha256RsaContent = EncryptedContent(tlv::AlgorithmRsaOaep, keyLocator,
+ message, sizeof(message));
+ const Buffer& contentPayloadRecovered = sha256RsaContent.getPayload();
- BOOST_CHECK_EQUAL(sha256RsaContent.getAlgorithmType(), tlv::AlgorithmSha256WithRsa);
- BOOST_CHECK_EQUAL_COLLECTIONS(contentPayload->begin(),
- contentPayload->end(),
- payload->begin(),
- payload->end());
- BOOST_CHECK_EQUAL(sha256RsaContent.getInitialVector() == nullptr, true);
+ BOOST_CHECK_EQUAL(sha256RsaContent.getAlgorithmType(), tlv::AlgorithmRsaOaep);
+ BOOST_CHECK_EQUAL_COLLECTIONS(contentPayloadRecovered.begin(),
+ contentPayloadRecovered.end(),
+ payload.begin(),
+ payload.end());
+ BOOST_CHECK_EQUAL((sha256RsaContent.getInitialVector()).size(), 0);
BOOST_CHECK_EQUAL(sha256RsaContent.hasKeyLocator(), true);
BOOST_CHECK_NO_THROW(sha256RsaContent.getKeyLocator());
BOOST_CHECK_EQUAL(sha256RsaContent.getKeyLocator().getName(), Name("test/key/locator"));
@@ -146,15 +149,15 @@
encodedNoIV.wire() + encodedNoIV.size());
sha256RsaContent = EncryptedContent(encryptedBlock);
- contentPayload = sha256RsaContent.getPayload();
+ const Buffer& contentPayloadNoIV = sha256RsaContent.getPayload();
- BOOST_CHECK_EQUAL(sha256RsaContent.getAlgorithmType(), tlv::AlgorithmSha256WithRsa);
+ BOOST_CHECK_EQUAL(sha256RsaContent.getAlgorithmType(), tlv::AlgorithmRsaOaep);
BOOST_CHECK_EQUAL(sha256RsaContent.hasKeyLocator(), true);
- BOOST_CHECK_EQUAL_COLLECTIONS(contentPayload->begin(),
- contentPayload->end(),
- payload->begin(),
- payload->end());
- BOOST_CHECK_EQUAL(sha256RsaContent.getInitialVector() == nullptr, true);
+ BOOST_CHECK_EQUAL_COLLECTIONS(contentPayloadNoIV.begin(),
+ contentPayloadNoIV.end(),
+ payload.begin(),
+ payload.end());
+ BOOST_CHECK_EQUAL((sha256RsaContent.getInitialVector()).size(), 0);
BOOST_CHECK_NO_THROW(sha256RsaContent.getKeyLocator());
BOOST_CHECK_EQUAL(sha256RsaContent.getKeyLocator().getName(), Name("test/key/locator"));
@@ -173,7 +176,7 @@
0x08, 0x07,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72,
0x83, 0x01, // EncryptedAlgorithm
- 0x00,
+ 0x03,
0x85, 0x0a, // InitialVector
0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73,
0x84, 0x07, // EncryptedPayload
@@ -193,7 +196,7 @@
0x08, 0x07,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72,
0x83, 0x01, // EncryptedAlgorithm
- 0x00,
+ 0x03,
0x85, 0x0a, // InitialVector
0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73,
0x84, 0x07, // EncryptedPayload
@@ -213,7 +216,7 @@
0x08, 0x07,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72,
0x1d, 0x01, // Wrong EncryptedAlgorithm (0x83, 0x01)
- 0x00,
+ 0x03,
0x85, 0x0a, // InitialVector
0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73,
0x84, 0x07, // EncryptedPayload
@@ -233,7 +236,7 @@
0x08, 0x07,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, // 'locator'
0x83, 0x01, // EncryptedAlgorithm
- 0x00,
+ 0x03,
0x1f, 0x0a, // InitialVector (0x84, 0x0a)
0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73,
0x84, 0x07, // EncryptedPayload
@@ -253,7 +256,7 @@
0x08, 0x07,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, // 'locator'
0x83, 0x01, // EncryptedAlgorithm
- 0x00,
+ 0x03,
0x85, 0x0a, // InitialVector
0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73,
0x21, 0x07, // EncryptedPayload (0x85, 0x07)
@@ -273,15 +276,15 @@
{
EncryptedContent content;
BOOST_CHECK_EQUAL(content.getAlgorithmType(), -1);
- BOOST_CHECK_EQUAL(content.getPayload() == nullptr, true);
- BOOST_CHECK_EQUAL(content.getInitialVector() == nullptr, true);
+ BOOST_CHECK_EQUAL((content.getPayload()).size(), 0);
+ BOOST_CHECK_EQUAL((content.getInitialVector()).size(), 0);
BOOST_CHECK_EQUAL(content.hasKeyLocator(), false);
BOOST_CHECK_THROW(content.getKeyLocator(), EncryptedContent::Error);
- content.setAlgorithmType(tlv::AlgorithmSha256WithRsa);
- BOOST_CHECK_EQUAL(content.getAlgorithmType(), tlv::AlgorithmSha256WithRsa);
- BOOST_CHECK_EQUAL(content.getPayload() == nullptr, true);
- BOOST_CHECK_EQUAL(content.getInitialVector() == nullptr, true);
+ content.setAlgorithmType(tlv::AlgorithmRsaOaep);
+ BOOST_CHECK_EQUAL(content.getAlgorithmType(), tlv::AlgorithmRsaOaep);
+ BOOST_CHECK_EQUAL((content.getPayload()).size(), 0);
+ BOOST_CHECK_EQUAL(content.getInitialVector().size(), 0);
BOOST_CHECK_EQUAL(content.hasKeyLocator(), false);
KeyLocator keyLocator("/test/key/locator");
@@ -289,26 +292,24 @@
BOOST_CHECK_EQUAL(content.hasKeyLocator(), true);
BOOST_CHECK_NO_THROW(content.getKeyLocator());
BOOST_CHECK_EQUAL(content.getKeyLocator().getName(), Name("/test/key/locator"));
- BOOST_CHECK_EQUAL(content.getPayload() == nullptr, true);
- BOOST_CHECK_EQUAL(content.getInitialVector() == nullptr, true);
+ BOOST_CHECK_EQUAL((content.getPayload()).size(), 0);
+ BOOST_CHECK_EQUAL((content.getInitialVector()).size(), 0);
- ConstBufferPtr payload = make_shared<Buffer>(message, sizeof(message));
- content.setPayload(payload);
+ content.setPayload(message, sizeof(message));
- ConstBufferPtr contentPayload = content.getPayload();
- BOOST_CHECK_EQUAL_COLLECTIONS(contentPayload->begin(),
- contentPayload->end(),
- payload->begin(),
- payload->end());
+ const Buffer& contentPayload = content.getPayload();
+ BOOST_CHECK_EQUAL_COLLECTIONS(contentPayload.begin(),
+ contentPayload.end(),
+ message,
+ message + sizeof(message));
- ConstBufferPtr initialVector = make_shared<Buffer>(iv, sizeof(iv));
- content.setInitialVector(initialVector);
+ content.setInitialVector(iv, sizeof(iv));
- ConstBufferPtr contentInitialVector = content.getInitialVector();
- BOOST_CHECK_EQUAL_COLLECTIONS(contentInitialVector->begin(),
- contentInitialVector->end(),
- initialVector->begin(),
- initialVector->end());
+ const Buffer& contentInitialVector = content.getInitialVector();
+ BOOST_CHECK_EQUAL_COLLECTIONS(contentInitialVector.begin(),
+ contentInitialVector.end(),
+ iv,
+ iv + sizeof(iv));
const Block& encoded = content.wireEncode();
Block contentBlock(encrypted, sizeof(encrypted));
diff --git a/tests/unit-tests/encryptor.t.cpp b/tests/unit-tests/encryptor.t.cpp
new file mode 100644
index 0000000..7c89d76
--- /dev/null
+++ b/tests/unit-tests/encryptor.t.cpp
@@ -0,0 +1,331 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2015, Regents of the University of California
+ *
+ * This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
+ * See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
+ *
+ * ndn-group-encrypt is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-group-encrypt is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "random-number-generator.hpp"
+#include "encrypted-content.hpp"
+#include "encryptor.hpp"
+#include "algo/rsa.hpp"
+#include "algo/aes.hpp"
+
+#include <boost/mpl/list.hpp>
+#include "boost-test.hpp"
+#include <algorithm>
+
+namespace ndn {
+namespace gep {
+namespace algo {
+namespace tests {
+
+BOOST_AUTO_TEST_SUITE(TestEncryptor)
+
+class TestDataAesEcb
+{
+public:
+ TestDataAesEcb()
+ : keyName("/test")
+ , encryptParams(tlv::AlgorithmAesEcb)
+ {
+ const uint8_t raw_content[] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+ 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73
+ };
+ plainText = Buffer(raw_content, sizeof(raw_content));
+
+ const uint8_t aes_key[] = {
+ 0xdd, 0x60, 0x77, 0xec, 0xa9, 0x6b, 0x23, 0x1b,
+ 0x40, 0x6b, 0x5a, 0xf8, 0x7d, 0x3d, 0x55, 0x32
+ };
+ key = Buffer(aes_key, sizeof(aes_key));
+
+ const uint8_t encrypted_content[] = {
+ 0x15, 0x31,
+ 0x82, 0x2f,
+ 0x1c, 0x08,
+ 0x07, 0x06,
+ 0x08, 0x04, 0x74, 0x65, 0x73, 0x74,
+ 0x83, 0x01,
+ 0x00,
+ 0x84, 0x20,
+ 0x13, 0x80, 0x1a, 0xc0, 0x4c, 0x75, 0xa7, 0x7f,
+ 0x43, 0x5e, 0xd7, 0xa6, 0x3f, 0xd3, 0x68, 0x94,
+ 0xe2, 0xcf, 0x54, 0xb1, 0xc2, 0xce, 0xad, 0x9b,
+ 0x56, 0x6e, 0x1c, 0xe6, 0x55, 0x1d, 0x79, 0x04
+ };
+ encryptedContent = Buffer(encrypted_content, sizeof(encrypted_content));
+ }
+
+public:
+ Buffer plainText;
+ Buffer key;
+ Name keyName;
+ EncryptParams encryptParams;
+ Buffer encryptedContent;
+};
+
+class TestDataAesCbc
+{
+public:
+ TestDataAesCbc()
+ : keyName("/test")
+ , encryptParams(tlv::AlgorithmAesCbc)
+ {
+ const uint8_t raw_content[] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+ 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73
+ };
+ plainText = Buffer(raw_content, sizeof(raw_content));
+
+ const uint8_t aes_key[] = {
+ 0xdd, 0x60, 0x77, 0xec, 0xa9, 0x6b, 0x23, 0x1b,
+ 0x40, 0x6b, 0x5a, 0xf8, 0x7d, 0x3d, 0x55, 0x32
+ };
+ key = Buffer(aes_key, sizeof(aes_key));
+
+ const uint8_t iv[] = {
+ 0x73, 0x6f, 0x6d, 0x65, 0x72, 0x61, 0x6e, 0x64,
+ 0x6f, 0x6d, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72
+ };
+
+ encryptParams.setIV(iv, sizeof(iv));
+
+ const uint8_t encrypted_content[] = {
+ 0x15, 0x43, // Content
+ 0x82, 0x41, // EncryptedContent
+ 0x1c, 0x08, // KeyLocator /test
+ 0x07, 0x06,
+ 0x08, 0x04, 0x74, 0x65, 0x73, 0x74,
+ 0x83, 0x01, // EncryptedAlgorithm
+ 0x01, // AlgorithmAesCbc
+ 0x85, 0x10,
+ 0x73, 0x6f, 0x6d, 0x65, 0x72, 0x61, 0x6e, 0x64,
+ 0x6f, 0x6d, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72,
+ 0x84, 0x20, // EncryptedPayLoad
+ 0x6a, 0x6b, 0x58, 0x9c, 0x30, 0x3b, 0xd9, 0xa6,
+ 0xed, 0xd2, 0x12, 0xef, 0x29, 0xad, 0xc3, 0x60,
+ 0x1f, 0x1b, 0x6b, 0xc7, 0x03, 0xff, 0x53, 0x52,
+ 0x82, 0x6d, 0x82, 0x73, 0x05, 0xf9, 0x03, 0xdc
+ };
+ encryptedContent = Buffer(encrypted_content, sizeof(encrypted_content));
+ }
+
+public:
+ Buffer plainText;
+ Buffer key;
+ Name keyName;
+ EncryptParams encryptParams;
+ Buffer encryptedContent;
+};
+
+typedef boost::mpl::list<TestDataAesCbc,
+ TestDataAesEcb> EncryptorAesTestInputs;
+
+
+BOOST_AUTO_TEST_CASE_TEMPLATE(ContentSymmetricEncrypt, T, EncryptorAesTestInputs)
+{
+ T input;
+
+ Data data;
+ encryptData(data, input.plainText.buf(), input.plainText.size(),
+ input.keyName, input.key.buf(), input.key.size(), input.encryptParams);
+
+ BOOST_CHECK_EQUAL_COLLECTIONS(input.encryptedContent.begin(), input.encryptedContent.end(),
+ data.getContent().wire(), data.getContent().wire() + data.getContent().size());
+
+ EncryptedContent content(data.getContent().blockFromValue());
+ const Buffer& decryptedOutput = Aes::decrypt(input.key.buf(), input.key.size(),
+ content.getPayload().buf(), content.getPayload().size(),
+ input.encryptParams);
+
+ BOOST_CHECK_EQUAL_COLLECTIONS(input.plainText.begin(), input.plainText.end(),
+ decryptedOutput.begin(), decryptedOutput.end());
+}
+
+class TestDataRsaOaep
+{
+public:
+ TestDataRsaOaep()
+ : type(tlv::AlgorithmRsaOaep)
+ {
+ }
+public:
+ tlv::AlgorithmTypeValue type;
+};
+
+class TestDataRsaPkcs
+{
+public:
+ TestDataRsaPkcs()
+ : type(tlv::AlgorithmRsaPkcs)
+ {
+ }
+public:
+ tlv::AlgorithmTypeValue type;
+};
+
+typedef boost::mpl::list<TestDataRsaOaep,
+ TestDataRsaPkcs> EncryptorRsaTestInputs;
+
+BOOST_AUTO_TEST_CASE_TEMPLATE(ContentAsymmetricEncryptSmall, T, EncryptorRsaTestInputs)
+{
+ T type;
+
+ const uint8_t raw_content[] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+ 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73
+ };
+
+ Data data;
+ RandomNumberGenerator rng;
+ RsaKeyParams rsaParams(1024);
+
+ Name keyName("test");
+
+ DecryptKey<Rsa> decryptKey = Rsa::generateKey(rng, rsaParams);
+ EncryptKey<Rsa> encryptKey = Rsa::deriveEncryptKey(decryptKey.getKeyBits());
+
+ Buffer eKey = encryptKey.getKeyBits();
+ Buffer dKey = decryptKey.getKeyBits();
+
+ EncryptParams encryptParams(type.type);
+
+ encryptData(data, raw_content, sizeof(raw_content),
+ keyName, eKey.buf(), eKey.size(), encryptParams);
+
+ Block dataContent = data.getContent();
+ dataContent.parse();
+ BOOST_CHECK_EQUAL(dataContent.elements_size(), 1);
+
+ EncryptedContent extractContent(data.getContent().blockFromValue());
+ BOOST_CHECK_EQUAL(extractContent.getKeyLocator().getName(), keyName);
+ BOOST_CHECK_EQUAL(extractContent.getInitialVector().size(), 0);
+ BOOST_CHECK_EQUAL(extractContent.getAlgorithmType(), type.type);
+
+ const Buffer& recovered = extractContent.getPayload();
+ Buffer decrypted = Rsa::decrypt(dKey.buf(), dKey.size(), recovered.buf(), recovered.size(), encryptParams);
+ BOOST_CHECK_EQUAL_COLLECTIONS(raw_content, raw_content + sizeof(raw_content),
+ decrypted.begin(), decrypted.end());
+}
+
+BOOST_AUTO_TEST_CASE_TEMPLATE(ContentAsymmetricEncryptLarge, T, EncryptorRsaTestInputs)
+{
+ T type;
+
+ const uint8_t large_content[] = {
+ 0x73, 0x5a, 0xbd, 0x47, 0x0c, 0xfe, 0xf8, 0x7d,
+ 0x2e, 0x17, 0xaa, 0x11, 0x6f, 0x23, 0xc5, 0x10,
+ 0x23, 0x36, 0x88, 0xc4, 0x2a, 0x0f, 0x9a, 0x72,
+ 0x54, 0x31, 0xa8, 0xb3, 0x51, 0x18, 0x9f, 0x0e,
+ 0x1b, 0x93, 0x62, 0xd9, 0xc4, 0xf5, 0xf4, 0x3d,
+ 0x61, 0x9a, 0xca, 0x05, 0x65, 0x6b, 0xc6, 0x41,
+ 0xf9, 0xd5, 0x1c, 0x67, 0xc1, 0xd0, 0xd5, 0x6f,
+ 0x7b, 0x70, 0xb8, 0x8f, 0xdb, 0x19, 0x68, 0x7c,
+ 0xe0, 0x2d, 0x04, 0x49, 0xa9, 0xa2, 0x77, 0x4e,
+ 0xfc, 0x60, 0x0d, 0x7c, 0x1b, 0x93, 0x6c, 0xd2,
+ 0x61, 0xc4, 0x6b, 0x01, 0xe9, 0x12, 0x28, 0x6d,
+ 0xf5, 0x78, 0xe9, 0x99, 0x0b, 0x9c, 0x4f, 0x90,
+ 0x34, 0x3e, 0x06, 0x92, 0x57, 0xe3, 0x7a, 0x8f,
+ 0x13, 0xc7, 0xf3, 0xfe, 0xf0, 0xe2, 0x59, 0x48,
+ 0x15, 0xb9, 0xdb, 0x77, 0x07, 0x1d, 0x6d, 0xb5,
+ 0x65, 0x17, 0xdf, 0x76, 0x6f, 0xb5, 0x43, 0xde,
+ 0x71, 0xac, 0xf1, 0x22, 0xbf, 0xb2, 0xe5, 0xd9,
+ 0x22, 0xf1, 0x67, 0x76, 0x71, 0x0c, 0xff, 0x99,
+ 0x7b, 0x94, 0x9b, 0x24, 0x20, 0x80, 0xe3, 0xcc,
+ 0x06, 0x4a, 0xed, 0xdf, 0xec, 0x50, 0xd5, 0x87,
+ 0x3d, 0xa0, 0x7d, 0x9c, 0xe5, 0x13, 0x10, 0x98,
+ 0x14, 0xc3, 0x90, 0x10, 0xd9, 0x25, 0x9a, 0x59,
+ 0xe9, 0x37, 0x26, 0xfd, 0x87, 0xd7, 0xf4, 0xf9,
+ 0x11, 0x91, 0xad, 0x5c, 0x00, 0x95, 0xf5, 0x2b,
+ 0x37, 0xf7, 0x4e, 0xb4, 0x4b, 0x42, 0x7c, 0xb3,
+ 0xad, 0xd6, 0x33, 0x5f, 0x0b, 0x84, 0x57, 0x7f,
+ 0xa7, 0x07, 0x73, 0x37, 0x4b, 0xab, 0x2e, 0xfb,
+ 0xfe, 0x1e, 0xcb, 0xb6, 0x4a, 0xc1, 0x21, 0x5f,
+ 0xec, 0x92, 0xb7, 0xac, 0x97, 0x75, 0x20, 0xc9,
+ 0xd8, 0x9e, 0x93, 0xd5, 0x12, 0x7a, 0x64, 0xb9,
+ 0x4c, 0xed, 0x49, 0x87, 0x44, 0x5b, 0x4f, 0x90,
+ 0x34, 0x3e, 0x06, 0x92, 0x57, 0xe3, 0x7a, 0x8f,
+ 0x13, 0xc7, 0xf3, 0xfe, 0xf0, 0xe2, 0x59, 0x48,
+ 0x15, 0xb9, 0xdb, 0x77, 0x07, 0x1d, 0x6d, 0xb5,
+ 0x65, 0x17, 0xdf, 0x76, 0x6f, 0xb5, 0x43, 0xde,
+ 0x71, 0xac, 0xf1, 0x22, 0xbf, 0xb2, 0xe5, 0xd9
+ };
+
+ Data data;
+ RandomNumberGenerator rng;
+ RsaKeyParams rsaParams(1024);
+
+ Name keyName("test");
+
+ DecryptKey<Rsa> decryptKey = Rsa::generateKey(rng, rsaParams);
+ EncryptKey<Rsa> encryptKey = Rsa::deriveEncryptKey(decryptKey.getKeyBits());
+
+ Buffer eKey = encryptKey.getKeyBits();
+ Buffer dKey = decryptKey.getKeyBits();
+
+ EncryptParams encryptParams(type.type);
+ encryptData(data, large_content, sizeof(large_content),
+ keyName, eKey.buf(), eKey.size(), encryptParams);
+
+ Block largeDataContent = data.getContent();
+ largeDataContent.parse();
+ BOOST_CHECK_EQUAL(largeDataContent.elements_size(), 2);
+
+ Block::element_const_iterator it = largeDataContent.elements_begin();
+
+ BOOST_CHECK(it != largeDataContent.elements_end());
+ Block nonceContent(*it);
+ BOOST_CHECK_EQUAL(nonceContent.type(), tlv::EncryptedContent);
+ EncryptedContent encryptedNonce(nonceContent);
+ BOOST_CHECK_EQUAL(encryptedNonce.getKeyLocator().getName(), keyName);
+ BOOST_CHECK_EQUAL(encryptedNonce.getInitialVector().size(), 0);
+ BOOST_CHECK_EQUAL(encryptedNonce.getAlgorithmType(), type.type);
+
+ it++;
+ BOOST_CHECK(it != largeDataContent.elements_end());
+ Block payloadContent(*it);
+ BOOST_CHECK_EQUAL(payloadContent.type(), tlv::EncryptedContent);
+ EncryptedContent encryptedPayload(payloadContent);
+ Name nonceKeyName = keyName.append("nonce");
+ BOOST_CHECK_EQUAL(encryptedPayload.getKeyLocator().getName(), nonceKeyName);
+ BOOST_CHECK_EQUAL(encryptedPayload.getInitialVector().size(), 16);
+ BOOST_CHECK_EQUAL(encryptedPayload.getAlgorithmType(), tlv::AlgorithmAesCbc);
+
+ it++;
+ BOOST_CHECK(it == largeDataContent.elements_end());
+
+ const Buffer& bufferNonce = encryptedNonce.getPayload();
+ Buffer nonce = Rsa::decrypt(dKey.buf(), dKey.size(), bufferNonce.buf(), bufferNonce.size(), encryptParams);
+
+ encryptParams.setAlgorithmType(tlv::AlgorithmAesCbc);
+ encryptParams.setIV(encryptedPayload.getInitialVector().buf(), encryptedPayload.getInitialVector().size());
+ const Buffer& bufferPayload = encryptedPayload.getPayload();
+ Buffer largePayload = Aes::decrypt(nonce.buf(), nonce.size(), bufferPayload.buf(), bufferPayload.size(), encryptParams);
+
+ BOOST_CHECK_EQUAL_COLLECTIONS(large_content, large_content + sizeof(large_content),
+ largePayload.begin(), largePayload.end());
+}
+
+BOOST_AUTO_TEST_SUITE_END()
+
+} // namespace algo
+} // namespace tests
+} // namespace gep
+} // namespace ndn
diff --git a/tests/unit-tests/rsa.t.cpp b/tests/unit-tests/rsa.t.cpp
index 502a352..d9ee899 100644
--- a/tests/unit-tests/rsa.t.cpp
+++ b/tests/unit-tests/rsa.t.cpp
@@ -82,7 +82,7 @@
{
RandomNumberGenerator rng;
RsaKeyParams params;
- EncryptParams eparams(ENCRYPT_MODE_RSA, PADDING_SCHEME_OAEP_SHA, 0);
+ EncryptParams eparams(tlv::AlgorithmRsaOaep);
OBufferStream privateKeyBuffer, publicKeyBuffer;
StringSource privPipe(privateKey, true,
@@ -93,30 +93,33 @@
DecryptKey<Rsa> decryptKey(std::move(*(privateKeyBuffer.buf())));
EncryptKey<Rsa> encryptKey = Rsa::deriveEncryptKey(decryptKey.getKeyBits());
- Buffer encodedPublic = *(publicKeyBuffer.buf());
- Buffer derivedPublicKey = encryptKey.getKeyBits();
+ const Buffer& encodedPublicKey = *(publicKeyBuffer.buf());
+ const Buffer& derivedPublicKey = encryptKey.getKeyBits();
+ const Buffer& encodedPrivateKey = *(privateKeyBuffer.buf());
+ const Buffer& derivedPrivateKey = decryptKey.getKeyBits();
- BOOST_CHECK_EQUAL_COLLECTIONS(encodedPublic.begin(),
- encodedPublic.end(),
+ BOOST_CHECK_EQUAL_COLLECTIONS(encodedPublicKey.begin(),
+ encodedPublicKey.end(),
derivedPublicKey.begin(),
derivedPublicKey.end());
- Buffer plainBuf(plaintext, sizeof(plaintext));
- Buffer encryptBuf = Rsa::encrypt(encryptKey.getKeyBits(), plainBuf, eparams);
- Buffer recvBuf = Rsa::decrypt(decryptKey.getKeyBits(), encryptBuf, eparams);
+ const Buffer& encryptBuf = Rsa::encrypt(encodedPublicKey.buf(), encodedPublicKey.size(),
+ plaintext, sizeof(plaintext),
+ eparams);
- BOOST_CHECK_EQUAL_COLLECTIONS(plaintext,
- plaintext + sizeof(plaintext),
- recvBuf.begin(),
- recvBuf.end());
+ const Buffer& recvBuf = Rsa::decrypt(encodedPrivateKey.buf(), encodedPrivateKey.size(),
+ encryptBuf.buf(), encryptBuf.size(),
+ eparams);
- Buffer cipherBuf(ciphertext, sizeof(ciphertext));
- Buffer convBuf = Rsa::decrypt(decryptKey.getKeyBits(), cipherBuf, eparams);
+ BOOST_CHECK_EQUAL_COLLECTIONS(plaintext, plaintext + sizeof(plaintext),
+ recvBuf.begin(), recvBuf.end());
- BOOST_CHECK_EQUAL_COLLECTIONS(plaintext,
- plaintext + sizeof(plaintext),
- convBuf.begin(),
- convBuf.end());
+ const Buffer& convBuf = Rsa::decrypt(derivedPrivateKey.buf(), derivedPrivateKey.size(),
+ ciphertext, sizeof(ciphertext),
+ eparams);
+
+ BOOST_CHECK_EQUAL_COLLECTIONS(plaintext, plaintext + sizeof(plaintext),
+ convBuf.begin(), convBuf.end());
}
BOOST_AUTO_TEST_SUITE_END()