Adding Encryptor class to encrypt content and place in Data packets.
Change-Id: Ie77fd51b58091bbbb182ab9197a58a55b183654c
Refs: #3014
diff --git a/src/algo/aes.cpp b/src/algo/aes.cpp
index 07cb788..1bcb6b6 100644
--- a/src/algo/aes.cpp
+++ b/src/algo/aes.cpp
@@ -19,6 +19,7 @@
#include <ndn-cxx/encoding/buffer-stream.hpp>
#include "aes.hpp"
+#include "error.hpp"
namespace ndn {
namespace gep {
@@ -26,8 +27,14 @@
using namespace CryptoPP;
-Buffer
-crypt(CipherModeBase* cipher, const Buffer& data);
+static Buffer
+transform(CipherModeBase* cipher, const uint8_t* data, size_t dataLen)
+{
+ OBufferStream obuf;
+ StringSource pipe(data, dataLen, true,
+ new StreamTransformationFilter(*cipher, new FileSink(obuf)));
+ return *(obuf.buf());
+}
DecryptKey<Aes>
Aes::generateKey(RandomNumberGenerator& rng, AesKeyParams& params)
@@ -48,64 +55,51 @@
}
Buffer
-Aes::decrypt(const Buffer& keyBits, const Buffer& encryptedData, const EncryptParams& params)
+Aes::decrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params)
{
- switch (params.getEncryptMode()) {
- case ENCRYPT_MODE_ECB_AES:
- {
- ECB_Mode<AES>::Decryption ecbDecryption(keyBits.get(), keyBits.size());
- return crypt(&ecbDecryption, encryptedData);
+ switch (params.getAlgorithmType()) {
+ case tlv::AlgorithmAesEcb: {
+ ECB_Mode<AES>::Decryption ecbDecryption(key, keyLen);
+ return transform(&ecbDecryption, payload, payloadLen);
}
-
- case ENCRYPT_MODE_CBC_AES:
- {
- Buffer initVector = params.getIV();
+ case tlv::AlgorithmAesCbc: {
+ const Buffer& initVector = params.getIV();
if (initVector.size() != static_cast<size_t>(AES::BLOCKSIZE))
throw Error("incorrect initial vector size");
- CBC_Mode<AES>::Decryption cbcDecryption(keyBits.get(), keyBits.size(), initVector.get());
- return crypt(&cbcDecryption, encryptedData);
+ CBC_Mode<AES>::Decryption cbcDecryption(key, keyLen, initVector.get());
+ return transform(&cbcDecryption, payload, payloadLen);
}
-
- default:
- throw Error("unsupported encryption mode");
+ default:
+ throw Error("unsupported encryption mode");
}
}
Buffer
-Aes::encrypt(const Buffer& keyBits, const Buffer& plainData, const EncryptParams& params)
+Aes::encrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params)
{
- switch (params.getEncryptMode()) {
- case ENCRYPT_MODE_ECB_AES:
- {
- ECB_Mode<AES>::Encryption ecbEncryption(keyBits.get(), keyBits.size());
- return crypt(&ecbEncryption, plainData);
+ switch (params.getAlgorithmType()) {
+ case tlv::AlgorithmAesEcb: {
+ ECB_Mode<AES>::Encryption ecbEncryption(key, keyLen);
+ return transform(&ecbEncryption, payload, payloadLen);
}
-
- case ENCRYPT_MODE_CBC_AES:
- {
- Buffer initVector = params.getIV();
+ case tlv::AlgorithmAesCbc: {
+ const Buffer& initVector = params.getIV();
if (initVector.size() != static_cast<size_t>(AES::BLOCKSIZE))
throw Error("incorrect initial vector size");
- CBC_Mode<AES>::Encryption cbcEncryption(keyBits.get(), keyBits.size(), initVector.get());
- return crypt(&cbcEncryption, plainData);
+ CBC_Mode<AES>::Encryption cbcEncryption(key, keyLen, initVector.get());
+ return transform(&cbcEncryption, payload, payloadLen);
}
-
- default:
- throw Error("unsupported encryption mode");
+ default:
+ throw Error("unsupported encryption mode");
}
}
-Buffer
-crypt(CipherModeBase* cipher, const Buffer& data)
-{
- OBufferStream obuf;
- StringSource pipe(data.get(), data.size(), true,
- new StreamTransformationFilter(*cipher, new FileSink(obuf)));
- return *(obuf.buf());
-}
-
} // namespace algo
} // namespace gep
} // namespace ndn
diff --git a/src/algo/aes.hpp b/src/algo/aes.hpp
index 931b28d..657d6c0 100644
--- a/src/algo/aes.hpp
+++ b/src/algo/aes.hpp
@@ -24,7 +24,7 @@
#include "random-number-generator.hpp"
#include "algo/encrypt-params.hpp"
#include "decrypt-key.hpp"
-#include "error.hpp"
+
namespace ndn {
namespace gep {
@@ -40,10 +40,14 @@
deriveEncryptKey(const Buffer& keyBits);
static Buffer
- decrypt(const Buffer& keyBits, const Buffer& encryptedData, const EncryptParams& params);
+ decrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params);
static Buffer
- encrypt(const Buffer& keyBits, const Buffer& plainData, const EncryptParams& params);
+ encrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params);
};
typedef DecryptKey<Aes> AesEncryptKey;
diff --git a/src/algo/encrypt-params.cpp b/src/algo/encrypt-params.cpp
index 296cb22..1e7a3a0 100644
--- a/src/algo/encrypt-params.cpp
+++ b/src/algo/encrypt-params.cpp
@@ -24,9 +24,8 @@
namespace gep {
namespace algo {
-EncryptParams::EncryptParams(EncryptionMode encryptMode, PaddingScheme paddingScheme, uint8_t ivLength = 0)
- : m_encryptMode(encryptMode)
- , m_paddingScheme(paddingScheme)
+EncryptParams::EncryptParams(tlv::AlgorithmTypeValue algorithm, uint8_t ivLength)
+ : m_algo(algorithm)
{
if (ivLength != 0){
RandomNumberGenerator rng;
@@ -36,21 +35,15 @@
}
void
-EncryptParams::setIV(const Buffer& iv)
+EncryptParams::setIV(const uint8_t* iv, size_t ivLen)
{
- m_iv = iv;
+ m_iv = Buffer(iv, ivLen);
}
void
-EncryptParams::setEncryptMode(const EncryptionMode& encryptMode)
+EncryptParams::setAlgorithmType(tlv::AlgorithmTypeValue algorithm)
{
- m_encryptMode = encryptMode;
-}
-
-void
-EncryptParams::setPaddingScheme(const PaddingScheme& paddingScheme)
-{
- m_paddingScheme = paddingScheme;
+ m_algo = algorithm;
}
Buffer
@@ -59,18 +52,12 @@
return m_iv;
}
-EncryptionMode
-EncryptParams::getEncryptMode() const
+tlv::AlgorithmTypeValue
+EncryptParams::getAlgorithmType() const
{
- return m_encryptMode;
-}
-
-PaddingScheme
-EncryptParams::getPaddingScheme() const
-{
- return m_paddingScheme;
+ return m_algo;
}
} // namespace algo
} // namespace gep
-} // namespace ndn
\ No newline at end of file
+} // namespace ndn
diff --git a/src/algo/encrypt-params.hpp b/src/algo/encrypt-params.hpp
index 2be5d99..80b97a3 100644
--- a/src/algo/encrypt-params.hpp
+++ b/src/algo/encrypt-params.hpp
@@ -2,55 +2,31 @@
#define NDN_GEP_ENCRYPT_PARAMS_HPP
#include <ndn-cxx/encoding/buffer-stream.hpp>
+#include "tlv.hpp"
namespace ndn {
namespace gep {
-
-enum EncryptionMode {
- ENCRYPT_MODE_ECB_AES,
- ENCRYPT_MODE_CBC_AES,
- ENCRYPT_MODE_RSA
-};
-
-enum PaddingScheme {
- PADDING_SCHEME_PKCS7,
- PADDING_SCHEME_PKCS1v15,
- PADDING_SCHEME_OAEP_SHA
-};
-
namespace algo {
class EncryptParams
{
public:
- EncryptParams(EncryptionMode encryptMode, PaddingScheme paddingScheme, uint8_t ivLength);
-
- virtual
- ~EncryptParams()
- {
- }
+ EncryptParams(tlv::AlgorithmTypeValue algorithm, uint8_t ivLength = 0);
void
- setIV(const Buffer& iv);
+ setIV(const uint8_t* iv, size_t ivLen);
void
- setEncryptMode(const EncryptionMode& encryptMode);
-
- void
- setPaddingScheme(const PaddingScheme& paddingScheme);
+ setAlgorithmType(tlv::AlgorithmTypeValue algorithm);
Buffer
getIV() const;
- EncryptionMode
- getEncryptMode() const;
-
- PaddingScheme
- getPaddingScheme() const;
+ tlv::AlgorithmTypeValue
+ getAlgorithmType() const;
private:
- EncryptionMode m_encryptMode;
- PaddingScheme m_paddingScheme;
+ tlv::AlgorithmTypeValue m_algo;
Buffer m_iv;
};
diff --git a/src/algo/rsa.cpp b/src/algo/rsa.cpp
index 66361fb..f5fe848 100644
--- a/src/algo/rsa.cpp
+++ b/src/algo/rsa.cpp
@@ -19,6 +19,7 @@
#include <ndn-cxx/encoding/buffer-stream.hpp>
#include "rsa.hpp"
+#include "error.hpp"
namespace ndn {
namespace gep {
@@ -26,8 +27,15 @@
using namespace CryptoPP;
-Buffer
-crypt(SimpleProxyFilter* filter, const Buffer& data);
+static Buffer
+transform(SimpleProxyFilter* filter, const uint8_t* data, size_t dataLen)
+{
+ OBufferStream obuf;
+ filter->Attach(new FileSink(obuf));
+
+ StringSource pipe(data, dataLen, true, filter);
+ return *(obuf.buf());
+}
DecryptKey<Rsa>
Rsa::generateKey(RandomNumberGenerator& rng, RsaKeyParams& params)
@@ -61,75 +69,61 @@
}
Buffer
-Rsa::decrypt(const Buffer& keyBits, const Buffer& encryptedData, const EncryptParams& params)
+Rsa::decrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params)
{
AutoSeededRandomPool rng;
RSA::PrivateKey privateKey;
ByteQueue keyQueue;
- keyQueue.LazyPut(keyBits.data(), keyBits.size());
+ keyQueue.LazyPut(key, keyLen);
privateKey.Load(keyQueue);
- switch (params.getPaddingScheme()) {
- case PADDING_SCHEME_PKCS1v15:
- {
+ switch (params.getAlgorithmType()) {
+ case tlv::AlgorithmRsaPkcs: {
RSAES_PKCS1v15_Decryptor decryptor_pkcs1v15(privateKey);
PK_DecryptorFilter* filter_pkcs1v15 = new PK_DecryptorFilter(rng, decryptor_pkcs1v15);
- return crypt(filter_pkcs1v15, encryptedData);
+ return transform(filter_pkcs1v15, payload, payloadLen);
}
-
- case PADDING_SCHEME_OAEP_SHA:
- {
+ case tlv::AlgorithmRsaOaep: {
RSAES_OAEP_SHA_Decryptor decryptor_oaep_sha(privateKey);
PK_DecryptorFilter* filter_oaep_sha = new PK_DecryptorFilter(rng, decryptor_oaep_sha);
- return crypt(filter_oaep_sha, encryptedData);
+ return transform(filter_oaep_sha, payload, payloadLen);
}
-
- default:
- throw Error("unsupported padding scheme");
+ default:
+ throw Error("unsupported padding scheme");
}
}
Buffer
-Rsa::encrypt(const Buffer& keyBits, const Buffer& plainData, const EncryptParams& params)
+Rsa::encrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params)
{
AutoSeededRandomPool rng;
RSA::PublicKey publicKey;
ByteQueue keyQueue;
- keyQueue.LazyPut(keyBits.data(), keyBits.size());
+ keyQueue.LazyPut(key, keyLen);
publicKey.Load(keyQueue);
- switch (params.getPaddingScheme()) {
- case PADDING_SCHEME_PKCS1v15:
- {
+ switch (params.getAlgorithmType()) {
+ case tlv::AlgorithmRsaPkcs: {
RSAES_PKCS1v15_Encryptor encryptor_pkcs1v15(publicKey);
PK_EncryptorFilter* filter_pkcs1v15 = new PK_EncryptorFilter(rng, encryptor_pkcs1v15);
- return crypt(filter_pkcs1v15, plainData);
+ return transform(filter_pkcs1v15, payload, payloadLen);
}
-
- case PADDING_SCHEME_OAEP_SHA:
- {
+ case tlv::AlgorithmRsaOaep: {
RSAES_OAEP_SHA_Encryptor encryptor_oaep_sha(publicKey);
PK_EncryptorFilter* filter_oaep_sha = new PK_EncryptorFilter(rng, encryptor_oaep_sha);
- return crypt(filter_oaep_sha, plainData);
+ return transform(filter_oaep_sha, payload, payloadLen);
}
-
- default:
- throw Error("unsupported padding scheme");
+ default:
+ throw Error("unsupported padding scheme");
}
}
-Buffer
-crypt(SimpleProxyFilter* filter, const Buffer& data)
-{
- OBufferStream obuf;
- filter->Attach(new FileSink(obuf));
-
- StringSource pipe(data.get(), data.size(), true, filter);
- return *(obuf.buf());
-}
-
} // namespace algo
} // namespace gep
} // namespace ndn
diff --git a/src/algo/rsa.hpp b/src/algo/rsa.hpp
index 7d4567b..c1d3a8b 100644
--- a/src/algo/rsa.hpp
+++ b/src/algo/rsa.hpp
@@ -21,11 +21,9 @@
#define NDN_GEP_ALGO_RSA_HPP
#include <ndn-cxx/security/key-params.hpp>
-
#include "random-number-generator.hpp"
#include "algo/encrypt-params.hpp"
#include "decrypt-key.hpp"
-#include "error.hpp"
namespace ndn {
namespace gep {
@@ -41,10 +39,14 @@
deriveEncryptKey(const Buffer& keyBits);
static Buffer
- decrypt(const Buffer& keyBits, const Buffer& encryptedData, const EncryptParams& params);
+ decrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params);
static Buffer
- encrypt(const Buffer& keyBits, const Buffer& plainData, const EncryptParams& params);
+ encrypt(const uint8_t* key, size_t keyLen,
+ const uint8_t* payload, size_t payloadLen,
+ const EncryptParams& params);
};
typedef DecryptKey<Rsa> RsaPrivateKey;
diff --git a/src/encrypted-content.cpp b/src/encrypted-content.cpp
index 29f8ceb..3e0879f 100644
--- a/src/encrypted-content.cpp
+++ b/src/encrypted-content.cpp
@@ -20,13 +20,15 @@
}
EncryptedContent::EncryptedContent(tlv::AlgorithmTypeValue type, const KeyLocator& keyLocator,
- ConstBufferPtr payload, ConstBufferPtr iv)
+ const uint8_t* payload, size_t payloadLen,
+ const uint8_t* iv, size_t ivLen)
: m_type(type)
, m_hasKeyLocator(true)
, m_keyLocator(keyLocator)
- , m_payload(payload)
- , m_iv(iv)
+ , m_payload(payload, payloadLen)
{
+ if (iv != nullptr && ivLen != 0)
+ m_iv = Buffer(iv, ivLen);
}
EncryptedContent::EncryptedContent(const Block& block)
@@ -59,26 +61,26 @@
}
void
-EncryptedContent::setInitialVector(ConstBufferPtr iv)
+EncryptedContent::setInitialVector(const uint8_t* iv, size_t ivLen)
{
m_wire.reset();
- m_iv = iv;
+ m_iv = Buffer(iv, ivLen);
}
-ConstBufferPtr
+const Buffer&
EncryptedContent::getInitialVector() const
{
return m_iv;
}
void
-EncryptedContent::setPayload(ConstBufferPtr payload)
+EncryptedContent::setPayload(const uint8_t* payload, size_t payloadLen)
{
m_wire.reset();
- m_payload = payload;
+ m_payload = Buffer(payload, payloadLen);
}
-ConstBufferPtr
+const Buffer&
EncryptedContent::getPayload() const
{
return m_payload;
@@ -90,13 +92,14 @@
{
size_t totalLength = 0;
- if (m_payload != nullptr)
- totalLength += block.prependByteArrayBlock(tlv::EncryptedPayload, m_payload->buf(), m_payload->size());
+ if (m_payload.size() != 0)
+ totalLength += block.prependByteArrayBlock(tlv::EncryptedPayload, m_payload.buf(), m_payload.size());
else
throw Error("EncryptedContent does not have a payload");
- if (m_iv != nullptr)
- totalLength += block.prependByteArrayBlock(tlv::InitialVector, m_iv->buf(), m_iv->size());
+ if (m_iv.size() != 0) {
+ totalLength += block.prependByteArrayBlock(tlv::InitialVector, m_iv.buf(), m_iv.size());
+ }
if (m_type != -1)
totalLength += prependNonNegativeIntegerBlock(block, tlv::EncryptionAlgorithm, m_type);
@@ -162,14 +165,14 @@
throw Error("EncryptedContent does not have encryption algorithm");
if (it != m_wire.elements_end() && it->type() == tlv::InitialVector) {
- m_iv = make_shared<Buffer>(it->value_begin(), it->value_end());
+ m_iv = Buffer(it->value_begin(), it->value_end());
it++;
}
else
- m_iv = nullptr;
+ m_iv = Buffer();
if (it != m_wire.elements_end() && it->type() == tlv::EncryptedPayload) {
- m_payload = make_shared<Buffer>(it->value_begin(), it->value_end());
+ m_payload = Buffer(it->value_begin(), it->value_end());
it++;
}
else
diff --git a/src/encrypted-content.hpp b/src/encrypted-content.hpp
index c31d705..2d861a3 100644
--- a/src/encrypted-content.hpp
+++ b/src/encrypted-content.hpp
@@ -27,7 +27,8 @@
EncryptedContent();
EncryptedContent(tlv::AlgorithmTypeValue type, const KeyLocator& keyLocator,
- ConstBufferPtr payload, ConstBufferPtr iv = nullptr);
+ const uint8_t* payload, size_t payloadLen,
+ const uint8_t* iv = 0, size_t ivLen = 0);
explicit
EncryptedContent(const Block& block);
@@ -54,15 +55,15 @@
getKeyLocator() const;
void
- setInitialVector(ConstBufferPtr iv);
+ setInitialVector(const uint8_t* iv, size_t ivLen);
- ConstBufferPtr
+ const Buffer&
getInitialVector() const;
void
- setPayload(ConstBufferPtr payload);
+ setPayload(const uint8_t* payload, size_t payloadLen);
- ConstBufferPtr
+ const Buffer&
getPayload() const;
template<encoding::Tag TAG>
@@ -88,8 +89,8 @@
int32_t m_type;
bool m_hasKeyLocator;
KeyLocator m_keyLocator;
- ConstBufferPtr m_payload;
- ConstBufferPtr m_iv;
+ Buffer m_payload;
+ Buffer m_iv;
mutable Block m_wire;
};
diff --git a/src/encryptor.cpp b/src/encryptor.cpp
new file mode 100644
index 0000000..06ee785
--- /dev/null
+++ b/src/encryptor.cpp
@@ -0,0 +1,153 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2015, Regents of the University of California
+ *
+ * This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
+ * See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
+ *
+ * ndn-group-encrypt is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-group-encrypt is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "encryptor.hpp"
+#include "random-number-generator.hpp"
+#include "encrypted-content.hpp"
+#include "algo/aes.hpp"
+#include "algo/rsa.hpp"
+
+#include "algo/error.hpp"
+
+namespace ndn {
+namespace gep {
+namespace algo {
+
+using namespace CryptoPP;
+
+/**
+ * @brief Helper method for symmetric encryption
+ *
+ * Encrypt @p payload using @p key according to @p params.
+ *
+ * @return An EncryptedContent
+ */
+static EncryptedContent
+encryptSymmetric(const uint8_t* payload, size_t payloadLen,
+ const uint8_t* key, size_t keyLen,
+ const Name& keyName, const EncryptParams& params)
+{
+ tlv::AlgorithmTypeValue algType = params.getAlgorithmType();
+ const Buffer& iv = params.getIV();
+ KeyLocator keyLocator(keyName);
+
+ switch (algType) {
+ case tlv::AlgorithmAesCbc:
+ case tlv::AlgorithmAesEcb: {
+ BOOST_ASSERT(iv.size() == static_cast<size_t>(AES::BLOCKSIZE));
+
+ const Buffer& encryptedPayload = Aes::encrypt(key, keyLen, payload, payloadLen, params);
+ return EncryptedContent(algType, keyLocator, encryptedPayload.buf(), encryptedPayload.size(), iv.buf(), iv.size());
+ }
+ default: {
+ BOOST_ASSERT(false);
+ throw algo::Error("Unsupported encryption method");
+ }
+ }
+}
+
+/**
+ * @brief Helper method for asymmetric encryption
+ *
+ * Encrypt @p payload using @p key according to @p params.
+ *
+ * @pre @p payloadLen should be within the range of the key.
+ * @return An EncryptedContent
+ */
+static EncryptedContent
+encryptAsymmetric(const uint8_t* payload, size_t payloadLen,
+ const uint8_t* key, size_t keyLen,
+ const Name& keyName, const EncryptParams& params)
+{
+ tlv::AlgorithmTypeValue algType = params.getAlgorithmType();
+ KeyLocator keyLocator(keyName);
+
+ switch (algType) {
+ case tlv::AlgorithmRsaPkcs:
+ case tlv::AlgorithmRsaOaep: {
+ Buffer encryptedPayload = Rsa::encrypt(key, keyLen, payload, payloadLen, params);
+ return EncryptedContent(algType, keyLocator, encryptedPayload.buf(), encryptedPayload.size());
+ }
+ default: {
+ BOOST_ASSERT(false);
+ throw algo::Error("Unsupported encryption method");
+ }
+ }
+}
+
+void
+encryptData(Data& data, const uint8_t* payload, size_t payloadLen,
+ const Name& keyName, const uint8_t* key, size_t keyLen,
+ const EncryptParams& params)
+{
+ switch(params.getAlgorithmType()) {
+ case tlv::AlgorithmAesCbc:
+ case tlv::AlgorithmAesEcb: {
+ const EncryptedContent& content = encryptSymmetric(payload, payloadLen, key, keyLen, keyName, params);
+ data.setContent(content.wireEncode());
+ break;
+ }
+ case tlv::AlgorithmRsaPkcs:
+ case tlv::AlgorithmRsaOaep: {
+ size_t maxPlaintextLength = 0;
+ RSA::PublicKey publicKey;
+ ByteQueue keyQueue;
+
+ keyQueue.LazyPut(key, keyLen);
+ publicKey.Load(keyQueue);
+ RSAES_PKCS1v15_Encryptor enc(publicKey);
+ maxPlaintextLength = enc.FixedMaxPlaintextLength();
+
+ if (maxPlaintextLength < payloadLen) {
+ RandomNumberGenerator rng;
+ SecByteBlock nonceKey(0x00, 16); // 128 bits key.
+ rng.GenerateBlock(nonceKey.data(), nonceKey.size());
+
+ Name nonceKeyName(keyName);
+ nonceKeyName.append("nonce");
+
+ EncryptParams symParams(tlv::AlgorithmAesCbc, AES::BLOCKSIZE);
+
+ const EncryptedContent& nonceContent =
+ encryptSymmetric(payload, payloadLen, nonceKey.data(), nonceKey.size(), nonceKeyName, symParams);
+
+ const EncryptedContent& payloadContent =
+ encryptAsymmetric(nonceKey.data(), nonceKey.size(), key, keyLen, keyName, params);
+
+ Block content(tlv::Content);
+ content.push_back(payloadContent.wireEncode());
+ content.push_back(nonceContent.wireEncode());
+
+ data.setContent(content);
+ return;
+ }
+ else {
+ const EncryptedContent& content = encryptAsymmetric(payload, payloadLen, key, keyLen, keyName, params);
+ data.setContent(content.wireEncode());
+ return;
+ }
+ }
+ default:
+ throw algo::Error("Unsupported encryption method");
+ }
+}
+
+} // namespace algo
+} // namespace gep
+} // namespace ndn
diff --git a/src/encryptor.hpp b/src/encryptor.hpp
new file mode 100644
index 0000000..ceda667
--- /dev/null
+++ b/src/encryptor.hpp
@@ -0,0 +1,50 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2015, Regents of the University of California
+ *
+ * This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
+ * See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
+ *
+ * ndn-group-encrypt is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-group-encrypt is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef NDN_ENCRYPTOR_HPP
+#define NDN_ENCRYPTOR_HPP
+
+#include <ndn-cxx/data.hpp>
+#include "algo/encrypt-params.hpp"
+
+namespace ndn {
+namespace gep {
+namespace algo {
+
+/**
+ * @brief Prepare an encrypted data packet.
+ *
+ * This method will encrypt @p payload using @p key according to @p params.
+ * In addition, it will prepare the EncryptedContent TLVs with the encryption
+ * result with @p keyName and @p params. The TLV will be set as the content of
+ * @p data. If @p params defines an asymmetric encryption and the payload is
+ * larger than the max plaintext size, this method will encrypt the payload
+ * with a symmetric key that will be asymmetrically encrypted and provided as
+ * a nonce in the content of @p data.
+ */
+void
+encryptData(Data& data, const uint8_t* payload, size_t payloadLen,
+ const Name& keyName, const uint8_t* key, size_t keyLen,
+ const EncryptParams& params);
+
+} // namespace algo
+} // namespace gep
+} // namespace ndn
+
+#endif // NDN_ENCRYPTOR_HPP
diff --git a/src/tlv.hpp b/src/tlv.hpp
index 5c0c6ef..26444ac 100644
--- a/src/tlv.hpp
+++ b/src/tlv.hpp
@@ -48,8 +48,10 @@
};
enum AlgorithmTypeValue {
- AlgorithmSha256WithRsa = 0,
- AlgorithmSha256WithEcdsa = 1
+ AlgorithmAesEcb = 0,
+ AlgorithmAesCbc = 1,
+ AlgorithmRsaPkcs = 2,
+ AlgorithmRsaOaep = 3
};
} // namespace tlv