void Encryptor::encryptData (Data& data, const Blob& payload, const Name& keyName, const Blob& key, const EncryptParams& params) { data.getName().append(getNAME_COMPONENT_FOR()).append(keyName); ndn_EncryptAlgorithmType algorithmType = params.getAlgorithmType(); if (algorithmType == ndn_EncryptAlgorithmType_AesCbc || algorithmType == ndn_EncryptAlgorithmType_AesEcb) { EncryptedContent content = encryptSymmetric(payload, key, keyName, params); data.setContent(content.wireEncode(*TlvWireFormat::get())); } else if (algorithmType == ndn_EncryptAlgorithmType_RsaPkcs || algorithmType == ndn_EncryptAlgorithmType_RsaOaep) { // Openssl doesn't have an easy way to get the maximum plain text size, so // try to encrypt the payload first and catch the error if it is too big. try { EncryptedContent content = encryptAsymmetric(payload, key, keyName, params); data.setContent(content.wireEncode(*TlvWireFormat::get())); return; } catch (SecurityException&) { // The payload is larger than the maximum plaintext size. Continue. } // 128-bit nonce. ptr_lib::shared_ptr<vector<uint8_t> > nonceKeyBuffer(new vector<uint8_t>(16)); ndn_Error error; if ((error = CryptoLite::generateRandomBytes (&nonceKeyBuffer->front(), nonceKeyBuffer->size()))) throw runtime_error(ndn_getErrorString(error)); Blob nonceKey(nonceKeyBuffer, false); Name nonceKeyName(keyName); nonceKeyName.append("nonce"); EncryptParams symmetricParams (ndn_EncryptAlgorithmType_AesCbc, AesAlgorithm::BLOCK_SIZE); EncryptedContent nonceContent = encryptSymmetric (payload, nonceKey, nonceKeyName, symmetricParams); EncryptedContent payloadContent = encryptAsymmetric (nonceKey, key, keyName, params); Blob nonceContentEncoding = nonceContent.wireEncode(); Blob payloadContentEncoding = payloadContent.wireEncode(); ptr_lib::shared_ptr<vector<uint8_t> > content(new vector<uint8_t> (nonceContentEncoding.size() + payloadContentEncoding.size())); ndn_memcpy(&content->front(), payloadContentEncoding.buf(), payloadContentEncoding.size()); ndn_memcpy(&content->front() + payloadContentEncoding.size(), nonceContentEncoding.buf(), nonceContentEncoding.size()); data.setContent(Blob(content, false)); } else throw runtime_error("Unsupported encryption method"); }
static ndn_Error decodeValidityPeriod (struct ndn_ValidityPeriod *validityPeriod, struct ndn_TlvDecoder *decoder) { ndn_Error error; size_t endOffset; // Expect a 15-character ISO string like "20131018T184139". const size_t isoStringMaxLength = 15; char isoString[isoStringMaxLength + 1]; struct ndn_Blob isoStringBlob; if ((error = ndn_TlvDecoder_readNestedTlvsStart (decoder, ndn_Tlv_ValidityPeriod_ValidityPeriod, &endOffset))) return error; ndn_ValidityPeriod_clear(validityPeriod); // Decode notBefore as an ISO string. if ((error = ndn_TlvDecoder_readBlobTlv (decoder, ndn_Tlv_ValidityPeriod_NotBefore, &isoStringBlob))) return error; if (isoStringBlob.length > isoStringMaxLength) return NDN_ERROR_Calendar_time_value_out_of_range; ndn_memcpy((uint8_t *)isoString, isoStringBlob.value, isoStringBlob.length); isoString[isoStringBlob.length] = 0; if ((error = ndn_fromIsoString(isoString, &validityPeriod->notBefore))) return error; // Decode notAfter as an ISO string. if ((error = ndn_TlvDecoder_readBlobTlv (decoder, ndn_Tlv_ValidityPeriod_NotAfter, &isoStringBlob))) return error; if (isoStringBlob.length > isoStringMaxLength) return NDN_ERROR_Calendar_time_value_out_of_range; ndn_memcpy((uint8_t *)isoString, isoStringBlob.value, isoStringBlob.length); isoString[isoStringBlob.length] = 0; if ((error = ndn_fromIsoString(isoString, &validityPeriod->notAfter))) return error; if ((error = ndn_TlvDecoder_finishNestedTlvs(decoder, endOffset))) return error; return NDN_ERROR_success; }
/** * This private function is called by ndn_TlvEncoder_writeNestedTlv to write the TLVs in the body of the Interest value. * @param context This is the InterestValueContext struct pointer which was passed to writeTlv. * @param encoder the ndn_TlvEncoder which is calling this. * @return 0 for success, else an error code. */ static ndn_Error encodeInterestValue(const void *context, struct ndn_TlvEncoder *encoder) { const struct InterestValueContext *interestValueContext = (const struct InterestValueContext *)context; const struct ndn_Interest *interest = interestValueContext->interest; ndn_Error error; uint8_t nonceBuffer[4]; struct ndn_Blob nonceBlob; if ((error = ndn_encodeTlvName (&interest->name, interestValueContext->signedPortionBeginOffset, interestValueContext->signedPortionEndOffset, encoder))) return error; // For Selectors, set omitZeroLength true. if ((error = ndn_TlvEncoder_writeNestedTlv(encoder, ndn_Tlv_Selectors, encodeSelectorsValue, interest, 1))) return error; // Encode the Nonce as 4 bytes. nonceBlob.length = sizeof(nonceBuffer); if (interest->nonce.length == 0) { // Generate a random nonce. if ((error = ndn_generateRandomBytes(nonceBuffer, sizeof(nonceBuffer)))) return error; nonceBlob.value = nonceBuffer; } else if (interest->nonce.length < 4) { // TLV encoding requires 4 bytes, so pad out to 4 using random bytes. ndn_memcpy(nonceBuffer, interest->nonce.value, interest->nonce.length); if ((error = ndn_generateRandomBytes (nonceBuffer + interest->nonce.length, sizeof(nonceBuffer) - interest->nonce.length))) return error; nonceBlob.value = nonceBuffer; } else // TLV encoding requires 4 bytes, so truncate to 4. nonceBlob.value = interest->nonce.value; if ((error = ndn_TlvEncoder_writeBlobTlv(encoder, ndn_Tlv_Nonce, &nonceBlob))) return error; if ((error = ndn_TlvEncoder_writeOptionalNonNegativeIntegerTlvFromDouble (encoder, ndn_Tlv_InterestLifetime, interest->interestLifetimeMilliseconds))) return error; if (interest->forwardingHintWireEncoding.value && interest->forwardingHintWireEncoding.length > 0) { if (interest->selectedDelegationIndex >= 0) return NDN_ERROR_An_Interest_may_not_have_a_selected_delegation_when_encoding_a_forwarding_hint; if (interest->linkWireEncoding.value) return NDN_ERROR_An_Interest_may_not_have_a_link_object_when_encoding_a_forwarding_hint; // Add the encoded sequence of delegations as is. if ((error = ndn_TlvEncoder_writeBlobTlv (encoder, ndn_Tlv_ForwardingHint, &interest->forwardingHintWireEncoding))) return error; } if (interest->linkWireEncoding.value) { // Encode the entire link as is. if ((error = ndn_TlvEncoder_writeArray (encoder, interest->linkWireEncoding.value, interest->linkWireEncoding.length))) return error; } if ((error = ndn_TlvEncoder_writeOptionalNonNegativeIntegerTlv (encoder, ndn_Tlv_SelectedDelegation, interest->selectedDelegationIndex))) return error; return NDN_ERROR_success; }