void ExtensionSecurityBlock::encrypt(dtn::data::Bundle& bundle, const SecurityKey &key, dtn::data::Bundle::iterator it, const dtn::data::EID& source, const dtn::data::EID& destination)
{
uint32_t salt = 0;
// load the rsa key
RSA *rsa_key = key.getRSA();
// key used for encrypting the block. the key will be encrypted using RSA
unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes];
createSaltAndKey(salt, ephemeral_key, ibrcommon::AES128Stream::key_size_in_bytes);
dtn::security::ExtensionSecurityBlock& esb = SecurityBlock::encryptBlock<ExtensionSecurityBlock>(bundle, it, salt, ephemeral_key);
// set the source and destination address of the new block
if (source != bundle.source) esb.setSecuritySource( source );
if (destination != bundle.destination) esb.setSecurityDestination( destination );
// encrypt the ephemeral key and place it in _ciphersuite_params
addSalt(esb._ciphersuite_params, salt);
addKey(esb._ciphersuite_params, ephemeral_key, ibrcommon::AES128Stream::key_size_in_bytes, rsa_key);
esb._ciphersuite_flags |= CONTAINS_CIPHERSUITE_PARAMS;
// free the rsa key
key.free(rsa_key);
}
void ExtensionSecurityBlock::decrypt(dtn::data::Bundle& bundle, const SecurityKey &key, const dtn::security::ExtensionSecurityBlock& block)
{
// load the rsa key
RSA *rsa_key = key.getRSA();
// get key, convert with reinterpret_cast
unsigned char keydata[ibrcommon::AES128Stream::key_size_in_bytes];
if (!getKey(block._ciphersuite_params, keydata, ibrcommon::AES128Stream::key_size_in_bytes, rsa_key))
{
IBRCOMMON_LOGGER_ex(critical) << "could not get symmetric key decrypted" << IBRCOMMON_LOGGER_ENDL;
throw ibrcommon::Exception("could not extract the key");
}
// get salt, convert with stringstream
u_int32_t salt = getSalt(block._ciphersuite_params);
SecurityBlock::decryptBlock(bundle, block, salt, keydata);
}
