Blame - src/algo/encryptor.cpp - name-based-access-control

blob: 4f626c2e9d1de659978fbaafb947bf79f097e867 [file] [log] [blame]

Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	1	/* -- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -- */
				2	/**
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	3	* Copyright (c) 2014-2018, Regents of the University of California
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	4	*
Alexander Afanasyev	9091d83	2018-04-18 17:21:08 -0400	[diff] [blame^]	5	* This file is part of NAC (Name-Based Access Control for NDN).
				6	* See AUTHORS.md for complete list of NAC authors and contributors.
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	7	*
Alexander Afanasyev	9091d83	2018-04-18 17:21:08 -0400	[diff] [blame^]	8	* NAC is free software: you can redistribute it and/or modify it under the terms
				9	* of the GNU General Public License as published by the Free Software Foundation,
				10	* either version 3 of the License, or (at your option) any later version.
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	11	*
Alexander Afanasyev	9091d83	2018-04-18 17:21:08 -0400	[diff] [blame^]	12	* NAC is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
				13	* without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
				14	* PURPOSE. See the GNU General Public License for more details.
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	15	*
				16	* You should have received a copy of the GNU General Public License along with
Alexander Afanasyev	9091d83	2018-04-18 17:21:08 -0400	[diff] [blame^]	17	* NAC, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	18	*/
				19
				20	#include "encryptor.hpp"
Yingdi Yu	b3c4776	2016-03-20 19:37:27 -0700	[diff] [blame]	21	#include "aes.hpp"
				22	#include "rsa.hpp"
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	23	#include "../encrypted-content.hpp"
Yingdi Yu	b3c4776	2016-03-20 19:37:27 -0700	[diff] [blame]	24	#include "error.hpp"
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	25	#include <openssl/rand.h>
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	26
				27	namespace ndn {
Alexander Afanasyev	9091d83	2018-04-18 17:21:08 -0400	[diff] [blame^]	28	namespace nac {
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	29	namespace algo {
				30
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	31	/**
				32	* @brief Helper method for symmetric encryption
				33	*
				34	* Encrypt @p payload using @p key according to @p params.
				35	*
				36	* @return An EncryptedContent
				37	*/
				38	static EncryptedContent
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	39	encryptSymmetric(const uint8_t* payload,
				40	size_t payloadLen,
				41	const uint8_t* key,
				42	size_t keyLen,
				43	const Name& keyName,
				44	const EncryptParams& params)
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	45	{
				46	tlv::AlgorithmTypeValue algType = params.getAlgorithmType();
				47	const Buffer& iv = params.getIV();
				48	KeyLocator keyLocator(keyName);
				49
				50	switch (algType) {
Yingdi Yu	3decf4e	2015-11-02 12:33:31 -0800	[diff] [blame]	51	case tlv::AlgorithmAesCbc: {
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	52	const Buffer& encryptedPayload = Aes::encrypt(key, keyLen, payload, payloadLen, params);
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	53	return EncryptedContent(algType, keyLocator,
				54	encryptedPayload.data(),
				55	encryptedPayload.size(),
				56	iv.data(), iv.size());
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	57	}
				58	default: {
				59	BOOST_ASSERT(false);
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	60	BOOST_THROW_EXCEPTION(algo::Error("Unsupported encryption method"));
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	61	}
				62	}
				63	}
				64
				65	/**
				66	* @brief Helper method for asymmetric encryption
				67	*
				68	* Encrypt @p payload using @p key according to @p params.
				69	*
				70	* @pre @p payloadLen should be within the range of the key.
				71	* @return An EncryptedContent
				72	*/
				73	static EncryptedContent
				74	encryptAsymmetric(const uint8_t* payload, size_t payloadLen,
				75	const uint8_t* key, size_t keyLen,
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	76	const Name& keyName,
				77	const EncryptParams& params)
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	78	{
				79	tlv::AlgorithmTypeValue algType = params.getAlgorithmType();
				80	KeyLocator keyLocator(keyName);
				81
				82	switch (algType) {
				83	case tlv::AlgorithmRsaPkcs:
				84	case tlv::AlgorithmRsaOaep: {
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	85	Buffer encryptedPayload = Rsa::encrypt(key, keyLen, payload, payloadLen);
				86	return EncryptedContent(algType, keyLocator, encryptedPayload.data(), encryptedPayload.size());
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	87	}
				88	default: {
				89	BOOST_ASSERT(false);
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	90	BOOST_THROW_EXCEPTION(algo::Error("Unsupported encryption method"));
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	91	}
				92	}
				93	}
				94
				95	void
				96	encryptData(Data& data, const uint8_t* payload, size_t payloadLen,
				97	const Name& keyName, const uint8_t* key, size_t keyLen,
				98	const EncryptParams& params)
				99	{
Yingdi Yu	3decf4e	2015-11-02 12:33:31 -0800	[diff] [blame]	100	Name dataName = data.getName();
				101	dataName.append(NAME_COMPONENT_FOR).append(keyName);
				102	data.setName(dataName);
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	103	switch (params.getAlgorithmType()) {
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	104	case tlv::AlgorithmAesCbc:
				105	case tlv::AlgorithmAesEcb: {
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	106	const EncryptedContent& content =
				107	encryptSymmetric(payload, payloadLen, key, keyLen, keyName, params);
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	108	data.setContent(content.wireEncode());
				109	break;
				110	}
				111	case tlv::AlgorithmRsaPkcs:
				112	case tlv::AlgorithmRsaOaep: {
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	113	if (payloadLen > keyLen - 11) {
				114	uint8_t nonceKey[16];
				115	int result = RAND_bytes(nonceKey, sizeof(nonceKey));
				116	if (result != 1) {
				117	BOOST_THROW_EXCEPTION(Error("Cannot generate 32 bytes random AES key"));
				118	}
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	119
				120	Name nonceKeyName(keyName);
				121	nonceKeyName.append("nonce");
				122
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	123	EncryptParams symParams(tlv::AlgorithmAesCbc, 16);
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	124
				125	const EncryptedContent& nonceContent =
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	126	encryptSymmetric(payload, payloadLen, nonceKey, sizeof(nonceKey), nonceKeyName, symParams);
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	127
				128	const EncryptedContent& payloadContent =
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	129	encryptAsymmetric(nonceKey, sizeof(nonceKey), key, keyLen, keyName, params);
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	130
				131	Block content(tlv::Content);
				132	content.push_back(payloadContent.wireEncode());
				133	content.push_back(nonceContent.wireEncode());
				134
				135	data.setContent(content);
				136	return;
				137	}
				138	else {
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	139	const EncryptedContent& content =
				140	encryptAsymmetric(payload, payloadLen, key, keyLen, keyName, params);
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	141	data.setContent(content.wireEncode());
				142	return;
				143	}
				144	}
				145	default:
Zhiyi Zhang	19a11d2	2018-04-12 22:58:20 -0700	[diff] [blame]	146	BOOST_THROW_EXCEPTION(algo::Error("Unsupported encryption method"));
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	147	}
				148	}
				149
				150	} // namespace algo
Alexander Afanasyev	9091d83	2018-04-18 17:21:08 -0400	[diff] [blame^]	151	} // namespace nac
Prashanth Swaminathan	d5b3eae	2015-07-09 15:37:05 -0700	[diff] [blame]	152	} // namespace ndn