std::unique_ptr<ArchiveKeys> ArchiveKeys::create_and_save(std::ostream &stream, RsaKeyPair *keypair){
std::unique_ptr<ArchiveKeys> ret;
if (keypair){
ret = make_unique(new ArchiveKeys(CryptoPP::Twofish::MAX_KEYLENGTH, CryptoPP::Twofish::BLOCKSIZE));
CryptoPP::RSA::PublicKey pub;
auto &public_key = keypair->get_public_key();
pub.Load(CryptoPP::ArraySource((const byte *)&public_key[0], public_key.size(), true));
typedef CryptoPP::RSAES<CryptoPP::OAEP<CryptoPP::SHA>>::Encryptor encryptor_t;
typedef CryptoPP::PK_EncryptorFilter filter_t;
encryptor_t enc(pub);
CryptoPP::SecByteBlock buffer(ret->get_size());
size_t offset = 0;
for (size_t i = 0; i < ret->key_count; i++){
auto &key = ret->get_key(i);
auto &iv = ret->get_iv(i);
memcpy(buffer.data() + offset, key.data(), key.size());
offset += key.size();
memcpy(buffer.data() + offset, iv.data(), iv.size());
offset += iv.size();
}
CryptoPP::ArraySource(buffer.data(), buffer.size(), true, new filter_t(*random_number_generator, enc, new CryptoPP::FileSink(stream)));
}
return ret;
}
shared_ptr<ndn::Data>
makeData( shared_ptr<const ndn::Interest> interest ) override
{
bool verified = false;
if( !interest->hasPayload() )
return NULL;
Block payload( interest->getPayload(),
interest->getPayloadLength() );
try
{
payload.parse();
NdnTagVerificationRequest request( payload );
const KeyLocator& locator = request.getLocator();
if( locator.getType() != KeyLocator::KeyLocator_KeyDigest )
{
verified = false;
}
else
{
CryptoPP::RSA::PublicKey pkey;
const Block& key_digest = locator.getKeyDigest();
string keystr( (char*)key_digest.value(), key_digest.value_size() );
CryptoPP::StringSource keysource( keystr, true );
pkey.Load( keysource );
NdnVerifier verifier( pkey );
verified = verifier.verify( request.getTag() );
}
auto data = make_shared< Data >( interest->getName() );
data->setContentType( tlv::ContentType_Blob );
data->setFreshnessPeriod( time::milliseconds( 0 ) );
NdnTagVerificationResponse response( request.getTag(),
verified );
data->setContent( response.wireEncode() );
// no legit signature is required since
// packets/interests with the prefix "ndn/internal"
// should be rejected by network gateways
Signature sig( SignatureInfo( tlv::SignatureNone ),
Block( tlv::SignatureValue ) );
data->setSignature( sig );
data->wireEncode();
return data;
}
catch( ... )
{
return NULL;
}
}
string RSA_Encryption(const string & plain){
//Encryption
AutoSeededRandomPool rng;
//Load public key
CryptoPP::RSA::PublicKey pubKey;
CryptoPP::ByteQueue bytes;
FileSource file("pubkey.txt", true, new Base64Decoder);
file.TransferTo(bytes);
bytes.MessageEnd();
pubKey.Load(bytes);
RSAES_OAEP_SHA_Encryptor e(pubKey);
string cipher;
StringSource ss1(plain, true,
new PK_EncryptorFilter(rng, e,
new StringSink(cipher)
) // PK_EncryptorFilter
); // StringSource
return cipher;
}
void cKeysStorage::savePubFile(unsigned int numberOfKey, const CryptoPP::RSA::PublicKey& pPubKey, std::string fileName)
{
std::ofstream mOutFile;
std::string mOutName; //(std::to_string(numberOfKey));
//mOutName += ".pub";
mOutName = fileName;
std::cout << "Pub file: " << fileName << std::endl;
//mOutFile.open(mOutName);
//save header
//mOutFile << "version 1" << std::endl;
//mOutFile << "crypto rsa" << std::endl;
//mOutFile << "size 4096" << std::endl;
//mOutFile << "END" << std::endl;
//generate pub key in txt file
//Base64Encoder pubkeysink(new FileSink("tmp"));
Base64Encoder pubkeysink(new FileSink(mOutName.c_str()));
pPubKey.DEREncode(pubkeysink);
pubkeysink.MessageEnd();
//std::cout << "Pub key:" << std::endl;
//append from tmp to pub file
/*std::ifstream tmpFile("tmp");
char s;
while (!tmpFile.eof())
{
tmpFile >> std::noskipws >> s;
mOutFile << s;
std::cout << s;
}
mOutFile.close();
std::cout << std::endl;*/
std::cout << "end of savePubFile" << std::endl;
}
bool cKeysStorage::RSAVerifyFile(const std::string &fileName, const std::string &instance) // load .sig file
{
using namespace CryptoPP;
std::cout << "Start RSAVerifyFile" << std::endl;
std::cout << "File name: " << fileName << std::endl;
std::cout << "instance: " << instance << std::endl;
std::string line;
std::string clearTextFileName;
int pubicKeyNumber;
// read sig file
std::ifstream input(fileName);
input >> line;
//parse data
input >> pubicKeyNumber;
//std::cout << line << " " << pubicKeyNumber << std::endl;
std::cout << "====sig===" << std::endl;
for (int i = 0; i < 4; ++i) // 3 lines
{
input >> line;
std::cout << line << " ";
input >> line;
std::cout << line << " " << std::endl;
}
std::cout << "====sig===" << std::endl;
clearTextFileName = line;
input >> line;
input >> line;
std::string sig2file = line;
std::cout << std::endl;
std::cout << "clear file: " << clearTextFileName << std::endl;
std::cout << "sig2 file: " << sig2file << std::endl;
//load signature
std::string signedTxt;
FileSource(clearTextFileName.c_str(), true, new StringSink(signedTxt));
std::string signature;
FileSource(sig2file.c_str(), true, new StringSink(signature));
//std::cout << std::endl << "signature " << std::noskipws << signature << std::endl;
//std::cout << std::endl << "pubicKeyNumber " << pubicKeyNumber << std::endl;
std::string pubFile;
pubFile = instance + "-key" + std::to_string(pubicKeyNumber) + ".pub";
std::cout << "pub file: " << pubFile << std::endl;
CryptoPP::RSA::PublicKey currentPubKey = loadPubFile(pubFile);
AutoSeededRandomPool rng;
std::cout << "pub key validate " << currentPubKey.Validate(rng, 1);
std::cout << std::endl << "start verify" << std::endl;
RSASSA_PKCS1v15_SHA_Verifier verifier(currentPubKey);
std::string combined(signedTxt);
combined.append(signature);
try
{
StringSource(combined, true,
new SignatureVerificationFilter(verifier, NULL, SignatureVerificationFilter::THROW_EXCEPTION) );
std::cout << "Signature OK" << std::endl;
return true;
}
catch(SignatureVerificationFilter::SignatureVerificationFailed &err)
{
std::cout << "verify error " << err.what() << std::endl;
return false;
}
//std::cout << "end of RsaVerifyFile" << std::endl;
}
