Gitiles
Code Review Sign In
gerrit.named-data.net / name-based-access-control / 19a11d2dabe94d8881b74a720fe9006ff6d5ef8a / . / src / algo / encryptor.cpp
blob: c9f774522f374fc3da9d6f7cf8e7cf3cddef3456 [file] [log] [blame]
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]3 * Copyright (c) 2014-2018, Regents of the University of California
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]4 *
5 * This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
6 * See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
7 *
8 * ndn-group-encrypt is free software: you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License as published by the Free Software
10 * Foundation, either version 3 of the License, or (at your option) any later version.
11 *
12 * ndn-group-encrypt is distributed in the hope that it will be useful, but WITHOUT
13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
14 * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20#include "encryptor.hpp"
Yingdi Yub3c47762016-03-20 19:37:27 -0700[diff] [blame]21#include "aes.hpp"
22#include "rsa.hpp"
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]23#include "../encrypted-content.hpp"
Yingdi Yub3c47762016-03-20 19:37:27 -0700[diff] [blame]24#include "error.hpp"
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]25#include <openssl/rand.h>
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]26
27namespace ndn {
28namespace gep {
29namespace algo {
30
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]31/**
32 * @brief Helper method for symmetric encryption
33 *
34 * Encrypt @p payload using @p key according to @p params.
35 *
36 * @return An EncryptedContent
37 */
38static EncryptedContent
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]39encryptSymmetric(const uint8_t* payload,
40 size_t payloadLen,
41 const uint8_t* key,
42 size_t keyLen,
43 const Name& keyName,
44 const EncryptParams& params)
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]45{
46 tlv::AlgorithmTypeValue algType = params.getAlgorithmType();
47 const Buffer& iv = params.getIV();
48 KeyLocator keyLocator(keyName);
49
50 switch (algType) {
Yingdi Yu3decf4e2015-11-02 12:33:31 -0800[diff] [blame]51 case tlv::AlgorithmAesCbc: {
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]52 const Buffer& encryptedPayload = Aes::encrypt(key, keyLen, payload, payloadLen, params);
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]53 return EncryptedContent(algType, keyLocator,
54 encryptedPayload.data(),
55 encryptedPayload.size(),
56 iv.data(), iv.size());
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]57 }
58 default: {
59 BOOST_ASSERT(false);
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]60 BOOST_THROW_EXCEPTION(algo::Error("Unsupported encryption method"));
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]61 }
62 }
63}
64
65/**
66 * @brief Helper method for asymmetric encryption
67 *
68 * Encrypt @p payload using @p key according to @p params.
69 *
70 * @pre @p payloadLen should be within the range of the key.
71 * @return An EncryptedContent
72 */
73static EncryptedContent
74encryptAsymmetric(const uint8_t* payload, size_t payloadLen,
75 const uint8_t* key, size_t keyLen,
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]76 const Name& keyName,
77 const EncryptParams& params)
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]78{
79 tlv::AlgorithmTypeValue algType = params.getAlgorithmType();
80 KeyLocator keyLocator(keyName);
81
82 switch (algType) {
83 case tlv::AlgorithmRsaPkcs:
84 case tlv::AlgorithmRsaOaep: {
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]85 Buffer encryptedPayload = Rsa::encrypt(key, keyLen, payload, payloadLen);
86 return EncryptedContent(algType, keyLocator, encryptedPayload.data(), encryptedPayload.size());
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]87 }
88 default: {
89 BOOST_ASSERT(false);
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]90 BOOST_THROW_EXCEPTION(algo::Error("Unsupported encryption method"));
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]91 }
92 }
93}
94
95void
96encryptData(Data& data, const uint8_t* payload, size_t payloadLen,
97 const Name& keyName, const uint8_t* key, size_t keyLen,
98 const EncryptParams& params)
99{
Yingdi Yu3decf4e2015-11-02 12:33:31 -0800[diff] [blame]100 Name dataName = data.getName();
101 dataName.append(NAME_COMPONENT_FOR).append(keyName);
102 data.setName(dataName);
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]103 switch (params.getAlgorithmType()) {
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]104 case tlv::AlgorithmAesCbc:
105 case tlv::AlgorithmAesEcb: {
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]106 const EncryptedContent& content =
107 encryptSymmetric(payload, payloadLen, key, keyLen, keyName, params);
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]108 data.setContent(content.wireEncode());
109 break;
110 }
111 case tlv::AlgorithmRsaPkcs:
112 case tlv::AlgorithmRsaOaep: {
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]113 if (payloadLen > keyLen - 11) {
114 uint8_t nonceKey[16];
115 int result = RAND_bytes(nonceKey, sizeof(nonceKey));
116 if (result != 1) {
117 BOOST_THROW_EXCEPTION(Error("Cannot generate 32 bytes random AES key"));
118 }
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]119
120 Name nonceKeyName(keyName);
121 nonceKeyName.append("nonce");
122
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]123 EncryptParams symParams(tlv::AlgorithmAesCbc, 16);
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]124
125 const EncryptedContent& nonceContent =
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]126 encryptSymmetric(payload, payloadLen, nonceKey, sizeof(nonceKey), nonceKeyName, symParams);
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]127
128 const EncryptedContent& payloadContent =
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]129 encryptAsymmetric(nonceKey, sizeof(nonceKey), key, keyLen, keyName, params);
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]130
131 Block content(tlv::Content);
132 content.push_back(payloadContent.wireEncode());
133 content.push_back(nonceContent.wireEncode());
134
135 data.setContent(content);
136 return;
137 }
138 else {
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]139 const EncryptedContent& content =
140 encryptAsymmetric(payload, payloadLen, key, keyLen, keyName, params);
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]141 data.setContent(content.wireEncode());
142 return;
143 }
144 }
145 default:
Zhiyi Zhang19a11d22018-04-12 22:58:20 -0700[diff] [blame^]146 BOOST_THROW_EXCEPTION(algo::Error("Unsupported encryption method"));
Prashanth Swaminathand5b3eae2015-07-09 15:37:05 -0700[diff] [blame]147 }
148}
149
150} // namespace algo
151} // namespace gep
152} // namespace ndn