std::unique_ptr<ArchiveKeys> ArchiveKeys::create_and_save(std::ostream &stream, RsaKeyPair *keypair){
std::unique_ptr<ArchiveKeys> ret;
if (keypair){
ret = make_unique(new ArchiveKeys(CryptoPP::Twofish::MAX_KEYLENGTH, CryptoPP::Twofish::BLOCKSIZE));
CryptoPP::RSA::PublicKey pub;
auto &public_key = keypair->get_public_key();
pub.Load(CryptoPP::ArraySource((const byte *)&public_key[0], public_key.size(), true));
typedef CryptoPP::RSAES<CryptoPP::OAEP<CryptoPP::SHA>>::Encryptor encryptor_t;
typedef CryptoPP::PK_EncryptorFilter filter_t;
encryptor_t enc(pub);
CryptoPP::SecByteBlock buffer(ret->get_size());
size_t offset = 0;
for (size_t i = 0; i < ret->key_count; i++){
auto &key = ret->get_key(i);
auto &iv = ret->get_iv(i);
memcpy(buffer.data() + offset, key.data(), key.size());
offset += key.size();
memcpy(buffer.data() + offset, iv.data(), iv.size());
offset += iv.size();
}
CryptoPP::ArraySource(buffer.data(), buffer.size(), true, new filter_t(*random_number_generator, enc, new CryptoPP::FileSink(stream)));
}
return ret;
}
shared_ptr<ndn::Data>
makeData( shared_ptr<const ndn::Interest> interest ) override
{
bool verified = false;
if( !interest->hasPayload() )
return NULL;
Block payload( interest->getPayload(),
interest->getPayloadLength() );
try
{
payload.parse();
NdnTagVerificationRequest request( payload );
const KeyLocator& locator = request.getLocator();
if( locator.getType() != KeyLocator::KeyLocator_KeyDigest )
{
verified = false;
}
else
{
CryptoPP::RSA::PublicKey pkey;
const Block& key_digest = locator.getKeyDigest();
string keystr( (char*)key_digest.value(), key_digest.value_size() );
CryptoPP::StringSource keysource( keystr, true );
pkey.Load( keysource );
NdnVerifier verifier( pkey );
verified = verifier.verify( request.getTag() );
}
auto data = make_shared< Data >( interest->getName() );
data->setContentType( tlv::ContentType_Blob );
data->setFreshnessPeriod( time::milliseconds( 0 ) );
NdnTagVerificationResponse response( request.getTag(),
verified );
data->setContent( response.wireEncode() );
// no legit signature is required since
// packets/interests with the prefix "ndn/internal"
// should be rejected by network gateways
Signature sig( SignatureInfo( tlv::SignatureNone ),
Block( tlv::SignatureValue ) );
data->setSignature( sig );
data->wireEncode();
return data;
}
catch( ... )
{
return NULL;
}
}
string RSA_Encryption(const string & plain){
//Encryption
AutoSeededRandomPool rng;
//Load public key
CryptoPP::RSA::PublicKey pubKey;
CryptoPP::ByteQueue bytes;
FileSource file("pubkey.txt", true, new Base64Decoder);
file.TransferTo(bytes);
bytes.MessageEnd();
pubKey.Load(bytes);
RSAES_OAEP_SHA_Encryptor e(pubKey);
string cipher;
StringSource ss1(plain, true,
new PK_EncryptorFilter(rng, e,
new StringSink(cipher)
) // PK_EncryptorFilter
); // StringSource
return cipher;
}
