void QRCodeProtocol::begin(KeyExchangeSession &session, KeyExchangeData &data)
		{
			// get existing security key
			SecurityKey key = SecurityKeyManager::getInstance().get(session.getPeer(), SecurityKey::KEY_PUBLIC);

			// get key fingerprint
			const std::string fingerprint = key.getFingerprint();

			// prepare a response
			KeyExchangeData response(KeyExchangeData::COMPLETE, session);

			if (fingerprint == data.str())
			{
				// store existing key with HIGH trust level
				session.putKey(key.getData(), key.type, SecurityKey::HIGH);

				// finish the key-exchange
				manager.finish(session);
			}
			else
			{
				// signal error
				throw ibrcommon::Exception("fingerprint is missing");
			}
		}
		void ExtensionSecurityBlock::encrypt(dtn::data::Bundle& bundle, const SecurityKey &key, dtn::data::Bundle::iterator it, const dtn::data::EID& source, const dtn::data::EID& destination)
		{
			uint32_t salt = 0;

			// load the rsa key
			RSA *rsa_key = key.getRSA();

			// key used for encrypting the block. the key will be encrypted using RSA
			unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes];
			createSaltAndKey(salt, ephemeral_key, ibrcommon::AES128Stream::key_size_in_bytes);

			dtn::security::ExtensionSecurityBlock& esb = SecurityBlock::encryptBlock<ExtensionSecurityBlock>(bundle, it, salt, ephemeral_key);

			// set the source and destination address of the new block
			if (source != bundle.source) esb.setSecuritySource( source );
			if (destination != bundle.destination) esb.setSecurityDestination( destination );

			// encrypt the ephemeral key and place it in _ciphersuite_params
			addSalt(esb._ciphersuite_params, salt);
			addKey(esb._ciphersuite_params, ephemeral_key, ibrcommon::AES128Stream::key_size_in_bytes, rsa_key);
			esb._ciphersuite_flags |= CONTAINS_CIPHERSUITE_PARAMS;

			// free the rsa key
			key.free(rsa_key);
		}
示例#3
0
void handleRequests(const string_t& requests) {
    try {
        Poco::Path pp(requests);
        Poco::Path lics = pp.parent().makeDirectory().pushDirectory("licenses");

        Poco::FileInputStream fis(requests);

        while (!fis.eof()) {
            string_t sl;
            string_t sha;
            string_t user;

            std::getline(fis, sl);

            /// check if there is custom mapping file specified current font
            string_t::size_type p = sl.find('|');
            sha = sl.substr(0, p);
            sl = Poco::trim(sl);

            if (p != string_t::npos)
                user = sl.substr(p + 1);

            sha = Poco::trim(sha);
            user = Poco::trim(user);

            if (sha.empty())
                continue;

            Poco::Path tmp = lics;
            tmp.pushDirectory(sha); 
            string_t ss = tmp.toString();

            if ( !Poco::File(ss + LICENSE_FILE).exists() ) {
                SecurityKey sk;
                sk.create(sha, false);

                Poco::File(ss).createDirectories();
                sk.save(ss + LICENSE_FILE);
            }
        }
    }
    catch (const std::exception& e) {
        std::cout << e.what() << std::endl;
    }
    catch (...) {

    }
}
		void PayloadIntegrityBlock::verify(const dtn::data::Bundle &bundle, const SecurityKey &key)
		{
			// iterate over all PIBs to find the right one
			dtn::data::Bundle::const_find_iterator it(bundle.begin(), PayloadIntegrityBlock::BLOCK_TYPE);

			while (it.next(bundle.end()))
			{
				const PayloadIntegrityBlock &sb = dynamic_cast<const PayloadIntegrityBlock&>(**it);

				// check if we have the public key of the security source
				// skip this block if the given key isn't the right one
				if (!sb.isSecuritySource(bundle, key.reference)) continue;

				// check the correct algorithm
				if (sb._ciphersuite_id != SecurityBlock::PIB_RSA_SHA256)
				{
					throw VerificationFailedException("can not verify the PIB because of an invalid algorithm");
				}

				EVP_PKEY *pkey = key.getEVP();
				if (pkey == NULL) throw VerificationFailedException("verification error");

				ibrcommon::RSASHA256Stream rs2s(pkey, true);

				// serialize the bundle in the mutable form
				dtn::security::MutableSerializer ms(rs2s, &sb);
				(dtn::data::DefaultSerializer&)ms << bundle; rs2s << std::flush;

				try {
					int ret = rs2s.getVerification(sb._security_result.get(SecurityBlock::integrity_signature));
					SecurityKey::free(pkey);

					if (ret > 0)
					{
						// success!
						return;
					}
					else if (ret < 0)
					{
						throw VerificationFailedException("verification error");
					}
				} catch (const ElementMissingException&) {
					// This PIB can not verified due to a missing integrity signature
					throw VerificationFailedException("Integrity signature is missing!");
				}
			}

			throw VerificationFailedException("verification failed");
		}
		void ExtensionSecurityBlock::decrypt(dtn::data::Bundle& bundle, const SecurityKey &key, const dtn::security::ExtensionSecurityBlock& block)
		{
			// load the rsa key
			RSA *rsa_key = key.getRSA();

			// get key, convert with reinterpret_cast
			unsigned char keydata[ibrcommon::AES128Stream::key_size_in_bytes];

			if (!getKey(block._ciphersuite_params, keydata, ibrcommon::AES128Stream::key_size_in_bytes, rsa_key))
			{
				IBRCOMMON_LOGGER_ex(critical) << "could not get symmetric key decrypted" << IBRCOMMON_LOGGER_ENDL;
				throw ibrcommon::Exception("could not extract the key");
			}

			// get salt, convert with stringstream
			u_int32_t salt = getSalt(block._ciphersuite_params);

			SecurityBlock::decryptBlock(bundle, block, salt, keydata);
		}
		void PayloadIntegrityBlock::setResultSize(const SecurityKey &key)
		{
			EVP_PKEY *pkey = key.getEVP();

			// size of integrity_signature
			if ((result_size = EVP_PKEY_size(pkey)) > 0)
			{
				// sdnv length
				result_size += dtn::data::Number(result_size).getLength();

				// type
				result_size++;
			}
			else
			{
				result_size = _security_result.getLength();
			}

			SecurityKey::free(pkey);
		}
		const std::string PayloadIntegrityBlock::calcHash(const dtn::data::Bundle &bundle, const SecurityKey &key, PayloadIntegrityBlock& ignore)
		{
			EVP_PKEY *pkey = key.getEVP();
			ibrcommon::RSASHA256Stream rs2s(pkey);

			// serialize the bundle in the mutable form
			dtn::security::MutableSerializer ms(rs2s, &ignore);
			(dtn::data::DefaultSerializer&)ms << bundle; rs2s << std::flush;

			int return_code = rs2s.getSign().first;
			std::string sign_string = rs2s.getSign().second;
			SecurityKey::free(pkey);

			if (return_code)
				return sign_string;
			else
			{
				IBRCOMMON_LOGGER_ex(critical) << "an error occured at the creation of the hash and it is invalid" << IBRCOMMON_LOGGER_ENDL;
				ERR_print_errors_fp(stderr);
				return std::string("");
			}
		}
SecurityKey MockKeyGenerator::generateKey() {
    SecurityKey key;

    key.loadString("C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF");
    return key;
}