void
Encryptor::encryptData
(Data& data, const Blob& payload, const Name& keyName, const Blob& key,
const EncryptParams& params)
{
data.getName().append(getNAME_COMPONENT_FOR()).append(keyName);
ndn_EncryptAlgorithmType algorithmType = params.getAlgorithmType();
if (algorithmType == ndn_EncryptAlgorithmType_AesCbc ||
algorithmType == ndn_EncryptAlgorithmType_AesEcb) {
EncryptedContent content = encryptSymmetric(payload, key, keyName, params);
data.setContent(content.wireEncode(*TlvWireFormat::get()));
}
else if (algorithmType == ndn_EncryptAlgorithmType_RsaPkcs ||
algorithmType == ndn_EncryptAlgorithmType_RsaOaep) {
// Openssl doesn't have an easy way to get the maximum plain text size, so
// try to encrypt the payload first and catch the error if it is too big.
try {
EncryptedContent content = encryptAsymmetric(payload, key, keyName, params);
data.setContent(content.wireEncode(*TlvWireFormat::get()));
return;
} catch (SecurityException&) {
// The payload is larger than the maximum plaintext size. Continue.
}
// 128-bit nonce.
ptr_lib::shared_ptr<vector<uint8_t> > nonceKeyBuffer(new vector<uint8_t>(16));
ndn_Error error;
if ((error = CryptoLite::generateRandomBytes
(&nonceKeyBuffer->front(), nonceKeyBuffer->size())))
throw runtime_error(ndn_getErrorString(error));
Blob nonceKey(nonceKeyBuffer, false);
Name nonceKeyName(keyName);
nonceKeyName.append("nonce");
EncryptParams symmetricParams
(ndn_EncryptAlgorithmType_AesCbc, AesAlgorithm::BLOCK_SIZE);
EncryptedContent nonceContent = encryptSymmetric
(payload, nonceKey, nonceKeyName, symmetricParams);
EncryptedContent payloadContent = encryptAsymmetric
(nonceKey, key, keyName, params);
Blob nonceContentEncoding = nonceContent.wireEncode();
Blob payloadContentEncoding = payloadContent.wireEncode();
ptr_lib::shared_ptr<vector<uint8_t> > content(new vector<uint8_t>
(nonceContentEncoding.size() + payloadContentEncoding.size()));
ndn_memcpy(&content->front(), payloadContentEncoding.buf(),
payloadContentEncoding.size());
ndn_memcpy(&content->front() + payloadContentEncoding.size(),
nonceContentEncoding.buf(), nonceContentEncoding.size());
data.setContent(Blob(content, false));
}
else
throw runtime_error("Unsupported encryption method");
}
static ndn_Error
decodeValidityPeriod
(struct ndn_ValidityPeriod *validityPeriod, struct ndn_TlvDecoder *decoder)
{
ndn_Error error;
size_t endOffset;
// Expect a 15-character ISO string like "20131018T184139".
const size_t isoStringMaxLength = 15;
char isoString[isoStringMaxLength + 1];
struct ndn_Blob isoStringBlob;
if ((error = ndn_TlvDecoder_readNestedTlvsStart
(decoder, ndn_Tlv_ValidityPeriod_ValidityPeriod, &endOffset)))
return error;
ndn_ValidityPeriod_clear(validityPeriod);
// Decode notBefore as an ISO string.
if ((error = ndn_TlvDecoder_readBlobTlv
(decoder, ndn_Tlv_ValidityPeriod_NotBefore, &isoStringBlob)))
return error;
if (isoStringBlob.length > isoStringMaxLength)
return NDN_ERROR_Calendar_time_value_out_of_range;
ndn_memcpy((uint8_t *)isoString, isoStringBlob.value, isoStringBlob.length);
isoString[isoStringBlob.length] = 0;
if ((error = ndn_fromIsoString(isoString, &validityPeriod->notBefore)))
return error;
// Decode notAfter as an ISO string.
if ((error = ndn_TlvDecoder_readBlobTlv
(decoder, ndn_Tlv_ValidityPeriod_NotAfter, &isoStringBlob)))
return error;
if (isoStringBlob.length > isoStringMaxLength)
return NDN_ERROR_Calendar_time_value_out_of_range;
ndn_memcpy((uint8_t *)isoString, isoStringBlob.value, isoStringBlob.length);
isoString[isoStringBlob.length] = 0;
if ((error = ndn_fromIsoString(isoString, &validityPeriod->notAfter)))
return error;
if ((error = ndn_TlvDecoder_finishNestedTlvs(decoder, endOffset)))
return error;
return NDN_ERROR_success;
}
/**
* This private function is called by ndn_TlvEncoder_writeNestedTlv to write the TLVs in the body of the Interest value.
* @param context This is the InterestValueContext struct pointer which was passed to writeTlv.
* @param encoder the ndn_TlvEncoder which is calling this.
* @return 0 for success, else an error code.
*/
static ndn_Error
encodeInterestValue(const void *context, struct ndn_TlvEncoder *encoder)
{
const struct InterestValueContext *interestValueContext =
(const struct InterestValueContext *)context;
const struct ndn_Interest *interest = interestValueContext->interest;
ndn_Error error;
uint8_t nonceBuffer[4];
struct ndn_Blob nonceBlob;
if ((error = ndn_encodeTlvName
(&interest->name, interestValueContext->signedPortionBeginOffset,
interestValueContext->signedPortionEndOffset, encoder)))
return error;
// For Selectors, set omitZeroLength true.
if ((error = ndn_TlvEncoder_writeNestedTlv(encoder, ndn_Tlv_Selectors, encodeSelectorsValue, interest, 1)))
return error;
// Encode the Nonce as 4 bytes.
nonceBlob.length = sizeof(nonceBuffer);
if (interest->nonce.length == 0) {
// Generate a random nonce.
if ((error = ndn_generateRandomBytes(nonceBuffer, sizeof(nonceBuffer))))
return error;
nonceBlob.value = nonceBuffer;
}
else if (interest->nonce.length < 4) {
// TLV encoding requires 4 bytes, so pad out to 4 using random bytes.
ndn_memcpy(nonceBuffer, interest->nonce.value, interest->nonce.length);
if ((error = ndn_generateRandomBytes
(nonceBuffer + interest->nonce.length,
sizeof(nonceBuffer) - interest->nonce.length)))
return error;
nonceBlob.value = nonceBuffer;
}
else
// TLV encoding requires 4 bytes, so truncate to 4.
nonceBlob.value = interest->nonce.value;
if ((error = ndn_TlvEncoder_writeBlobTlv(encoder, ndn_Tlv_Nonce, &nonceBlob)))
return error;
if ((error = ndn_TlvEncoder_writeOptionalNonNegativeIntegerTlvFromDouble
(encoder, ndn_Tlv_InterestLifetime, interest->interestLifetimeMilliseconds)))
return error;
if (interest->forwardingHintWireEncoding.value &&
interest->forwardingHintWireEncoding.length > 0) {
if (interest->selectedDelegationIndex >= 0)
return NDN_ERROR_An_Interest_may_not_have_a_selected_delegation_when_encoding_a_forwarding_hint;
if (interest->linkWireEncoding.value)
return NDN_ERROR_An_Interest_may_not_have_a_link_object_when_encoding_a_forwarding_hint;
// Add the encoded sequence of delegations as is.
if ((error = ndn_TlvEncoder_writeBlobTlv
(encoder, ndn_Tlv_ForwardingHint, &interest->forwardingHintWireEncoding)))
return error;
}
if (interest->linkWireEncoding.value) {
// Encode the entire link as is.
if ((error = ndn_TlvEncoder_writeArray
(encoder, interest->linkWireEncoding.value, interest->linkWireEncoding.length)))
return error;
}
if ((error = ndn_TlvEncoder_writeOptionalNonNegativeIntegerTlv
(encoder, ndn_Tlv_SelectedDelegation, interest->selectedDelegationIndex)))
return error;
return NDN_ERROR_success;
}
