Gitiles
Code Review Sign In
gerrit.named-data.net / name-based-access-control / b2105900680f0eb70c842ac3732a0f75fba43372 / . / src / consumer.cpp
blob: f515652e6b28a52bf06d439c6cf926ca01b80033 [file] [log] [blame]
Zhiyi Zhang5f133622015-10-17 08:49:54 +0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2014-2015, Regents of the University of California
4 *
5 * This file is part of ndn-group-encrypt (Group-based Encryption Protocol for NDN).
6 * See AUTHORS.md for complete list of ndn-group-encrypt authors and contributors.
7 *
8 * ndn-group-encrypt is free software: you can redistribute it and/or modify it under the terms
9 * of the GNU General Public License as published by the Free Software Foundation,
10 * either version 3 of the License, or (at your option) any later version.
11 *
12 * ndn-group-encrypt is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
13 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
14 * PURPOSE. See the GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * ndn-group-encrypt, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
18 *
19 * @author Zhiyi Zhang <dreamerbarrychang@gmail.com>
20 * @author Yingdi Yu <yingdi@cs.ucla.edu>
21 */
22
23#include "consumer.hpp"
24#include "encrypted-content.hpp"
25
26namespace ndn {
27namespace gep {
28
29// public
30Consumer::Consumer(Face& face, const Name& groupName, const Name& consumerName, const std::string& dbDir)
31 : m_db(dbDir)
32 , m_validator(new ValidatorNull)
33 , m_face(face)
34 , m_groupName(groupName)
35 , m_consumerName(consumerName)
36{
37}
38
39void
40Consumer::setGroup(const Name& groupName)
41{
42 m_groupName = groupName;
43}
44
45void
46Consumer::addDecryptionKey(const Name& keyName, const Buffer& keyBuf)
47{
48 BOOST_ASSERT(m_consumerName.isPrefixOf(keyName));
49
50 m_db.addKey(keyName, keyBuf);
51}
52
53void
54Consumer::consume(const Name& contentName,
55 const ConsumptionCallBack& consumptionCallBack,
56 const ErrorCallBack& errorCallBack)
57{
58 shared_ptr<Interest> interest = make_shared<Interest>(contentName);
59
60 // prepare callback functions
61 auto onData = [=] (const Interest& contentInterest, const Data& contentData) {
62 if (!contentInterest.matchesData(contentData))
63 return;
64
65 this->m_validator->validate(contentData,
66 [=] (const shared_ptr<const Data>& validData) {
67 // decrypt content
68 decryptContent(*validData,
69 [=] (const Buffer& plainText) {consumptionCallBack(contentData, plainText);},
70 errorCallBack);
71 },
72 [=] (const shared_ptr<const Data>& d, const std::string& e) {
73 errorCallBack(ErrorCode::Validation, e);
74 });
75 };
76
77 auto onTimeout = [=] (const Interest& contentInterest) {
78 // we should re-try at least once.
79 this->m_face.expressInterest(*interest, onData,
80 [=] (const Interest& contentInterest) {
81 errorCallBack(ErrorCode::Timeout, interest->getName().toUri());
82 });
83 };
84
85 // express Interest packet
86 m_face.expressInterest(*interest, onData, onTimeout);
87}
88
89// private
90
91void
92Consumer::decrypt(const Block& encryptedBlock,
93 const Buffer& keyBits,
94 const PlainTextCallBack& plainTextCallBack,
95 const ErrorCallBack& errorCallBack)
96{
97 EncryptedContent encryptedContent(encryptedBlock);
98 const Buffer& payload = encryptedContent.getPayload();
99
100 switch (encryptedContent.getAlgorithmType()) {
101 case tlv::AlgorithmAesCbc: {
102 // prepare parameter
103 algo::EncryptParams decryptParams(tlv::AlgorithmAesCbc);
104 decryptParams.setIV(encryptedContent.getInitialVector().buf(),
105 encryptedContent.getInitialVector().size());
106
107 // decrypt content
108 Buffer content = algo::Aes::decrypt(keyBits.buf(), keyBits.size(),
109 payload.buf(), payload.size(),
110 decryptParams);
111 plainTextCallBack(content);
112 break;
113 }
114 case tlv::AlgorithmRsaOaep: {
115 // prepare parameter
116 algo::EncryptParams decryptParams(tlv::AlgorithmRsaOaep);
117
118 // decrypt content
119 Buffer content = algo::Rsa::decrypt(keyBits.buf(), keyBits.size(),
120 payload.buf(), payload.size(),
121 decryptParams);
122 plainTextCallBack(content);
123 break;
124 }
125 default: {
126 errorCallBack(ErrorCode::UnsupportedEncryptionScheme,
127 std::to_string(encryptedContent.getAlgorithmType()));
128 }
129 }
130}
131
132void
133Consumer::decryptContent(const Data& data,
134 const PlainTextCallBack& plainTextCallBack,
135 const ErrorCallBack& errorCallBack)
136{
137 // get encrypted content
138 Block encryptedContent = data.getContent().blockFromValue();
139 Name cKeyName = EncryptedContent(encryptedContent).getKeyLocator().getName();
140
141 // check if content key already in store
142 auto it = m_cKeyMap.find(cKeyName);
143
144 if (it != m_cKeyMap.end()) { // decrypt content directly
145 decrypt(encryptedContent, it->second, plainTextCallBack, errorCallBack);
146 }
147 else {
148 // retrieve the C-Key Data from network
149 Name interestName = cKeyName;
150 interestName.append(NAME_COMPONENT_FOR).append(m_groupName);
151 shared_ptr<Interest> interest = make_shared<Interest>(interestName);
152
153 // prepare callback functions
154 auto onData = [=] (const Interest& cKeyInterest, const Data& cKeyData) {
155 if (!cKeyInterest.matchesData(cKeyData))
156 return;
157
158 this->m_validator->validate(cKeyData,
159 [=] (const shared_ptr<const Data>& validCKeyData) {
160 decryptCKey(*validCKeyData,
161 [=] (const Buffer& cKeyBits) {
162 decrypt(encryptedContent, cKeyBits, plainTextCallBack, errorCallBack);
163 this->m_cKeyMap.insert(std::make_pair(cKeyName, cKeyBits));
164 },
165 errorCallBack);},
166 [=] (const shared_ptr<const Data>& d, const std::string& e) {
167 errorCallBack(ErrorCode::Validation, e);
168 });
169 };
170
171 auto onTimeout = [=] (const Interest& cKeyInterest) {
172 // we should re-try at least once.
173 this->m_face.expressInterest(*interest, onData,
174 [=] (const Interest& contentInterest) {
175 errorCallBack(ErrorCode::Timeout, interest->getName().toUri());
176 });
177 };
178
179 // express Interest packet
180 m_face.expressInterest(*interest, onData, onTimeout);
181 }
182}
183
184void
185Consumer::decryptCKey(const Data& cKeyData,
186 const PlainTextCallBack& plainTextCallBack,
187 const ErrorCallBack& errorCallBack)
188{
189 // get encrypted content
190 Block cKeyContent = cKeyData.getContent().blockFromValue();
191 Name eKeyName = EncryptedContent(cKeyContent).getKeyLocator().getName();
192 Name dKeyName = eKeyName.getPrefix(-3);
193 dKeyName.append(NAME_COMPONENT_D_KEY).append(eKeyName.getSubName(-2));
194
195 // check if decryption key already in store
196 auto it = m_dKeyMap.find(dKeyName);
197
198 if (it != m_dKeyMap.end()) { // decrypt C-Key directly
199 decrypt(cKeyContent, it->second, plainTextCallBack, errorCallBack);
200 }
201 else {
202 // get the D-Key Data
203 Name interestName = dKeyName;
204 interestName.append(NAME_COMPONENT_FOR).append(m_consumerName);
205 shared_ptr<Interest> interest = make_shared<Interest>(dKeyName);
206
207 // prepare callback functions
208 auto onData = [=] (const Interest& dKeyInterest, const Data& dKeyData) {
209 if (!dKeyInterest.matchesData(dKeyData))
210 return;
211
212 this->m_validator->validate(dKeyData,
213 [=] (const shared_ptr<const Data>& validDKeyData) {
214 decryptDKey(*validDKeyData,
215 [=] (const Buffer& dKeyBits) {
216 decrypt(cKeyContent, dKeyBits, plainTextCallBack, errorCallBack);
217 this->m_dKeyMap.insert(std::make_pair(dKeyName, dKeyBits));
218 },
219 errorCallBack);},
220 [=] (const shared_ptr<const Data>& d, const std::string& e) {
221 errorCallBack(ErrorCode::Validation, e);
222 });
223 };
224
225 auto onTimeout = [=] (const Interest& dKeyInterest) {
226 // we should re-try at least once.
227 this->m_face.expressInterest(*interest, onData,
228 [=] (const Interest& contentInterest) {
229 errorCallBack(ErrorCode::Timeout, interest->getName().toUri());
230 });
231 };
232
233 // express Interest packet
234 m_face.expressInterest(*interest, onData, onTimeout);
235 }
236}
237
238void
239Consumer::decryptDKey(const Data& dKeyData,
240 const PlainTextCallBack& plainTextCallBack,
241 const ErrorCallBack& errorCallBack)
242{
243 // get encrypted content
244 Block dataContent = dKeyData.getContent();
245 dataContent.parse();
246
247 if (dataContent.elements_size() != 2)
248 errorCallBack(ErrorCode::InvalidEncryptedFormat,
249 "Data packet does not satisfy D-KEY packet format");
250
251 // process nonce;
252 auto it = dataContent.elements_begin();
253 Block encryptedNonceBlock = *it;
254 EncryptedContent encryptedNonce(encryptedNonceBlock);
255 Name consumerKeyName = encryptedNonce.getKeyLocator().getName();
256
257 // get consumer decryption key
258 Buffer consumerKeyBuf = getDecryptionKey(consumerKeyName);
259 if (consumerKeyBuf.empty()) {
260 errorCallBack(ErrorCode::NoDecryptKey,
261 "No desired consumer decryption key in database");
262 return;
263 }
264
265 // process d-key
266 it++;
267 Block encryptedPayloadBlock = *it;
268
269 // decrypt d-key
270 decrypt(encryptedNonceBlock, consumerKeyBuf,
271 [&] (const Buffer& nonceKeyBits) {
272 decrypt(encryptedPayloadBlock, nonceKeyBits, plainTextCallBack, errorCallBack);
273 },
274 errorCallBack);
275}
276
277const Buffer
278Consumer::getDecryptionKey(const Name& decryptionKeyName)
279{
280 return m_db.getKey(decryptionKeyName);
281}
282
283} // namespace gep
284} // namespace ndn