#include <PayloadConfidentialBlock.h>

Inheritance diagram for dtn::security::PayloadConfidentialBlock:

Collaboration diagram for dtn::security::PayloadConfidentialBlock:

Classes
class	Factory

Public Member Functions
virtual	~PayloadConfidentialBlock ()

Public Member Functions inherited from dtn::security::SecurityBlock
virtual	~SecurityBlock ()=0

virtual dtn::data::Length	getLength () const

virtual dtn::data::Length	getLength_mutable () const

virtual std::ostream &	serialize (std::ostream &stream, dtn::data::Length &length) const

virtual std::ostream &	serialize_strict (std::ostream &stream, dtn::data::Length &length) const

virtual std::istream &	deserialize (std::istream &stream, const dtn::data::Length &length)

const dtn::data::EID	getSecuritySource () const

const dtn::data::EID	getSecurityDestination () const

void	setSecuritySource (const dtn::data::EID &source)

void	setSecurityDestination (const dtn::data::EID &destination)

bool	isSecuritySource (const dtn::data::Bundle &, const dtn::data::EID &) const

bool	isSecurityDestination (const dtn::data::Bundle &, const dtn::data::EID &) const

const dtn::data::EID	getSecuritySource (const dtn::data::Bundle &) const

const dtn::data::EID	getSecurityDestination (const dtn::data::Bundle &) const

template<class T >
T &	encryptBlock (dtn::data::Bundle &bundle, dtn::data::Bundle::iterator &it, uint32_t salt, const unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes])

Public Member Functions inherited from dtn::data::Block
virtual	~Block ()

Block &	operator= (const Block &block)

bool	operator== (const block_t &id) const

virtual void	addEID (const dtn::data::EID &eid)

virtual void	clearEIDs ()

virtual const eid_list &	getEIDList () const

const block_t &	getType () const

void	set (ProcFlags flag, const bool &value)

bool	get (ProcFlags flag) const

const Bitset< ProcFlags > &	getProcessingFlags () const

virtual Length	getLength_strict () const

Static Public Member Functions
static void	encrypt (dtn::data::Bundle &bundle, const dtn::security::SecurityKey &long_key, const dtn::data::EID &source)

static void	decrypt (dtn::data::Bundle &bundle, const dtn::security::SecurityKey &long_key)

Static Public Attributes
static const dtn::data::block_t	BLOCK_TYPE = SecurityBlock::PAYLOAD_CONFIDENTIAL_BLOCK

Protected Member Functions
	PayloadConfidentialBlock ()

Protected Member Functions inherited from dtn::security::SecurityBlock
void	store_security_references ()

	SecurityBlock (const SecurityBlock::BLOCK_TYPES type, const CIPHERSUITE_IDS id)

	SecurityBlock (const SecurityBlock::BLOCK_TYPES type)

void	setCiphersuiteId (const CIPHERSUITE_IDS id)

void	setCorrelator (const dtn::data::Number &corr)

virtual MutableSerializer &	serialize_mutable (MutableSerializer &serializer, bool include_security_result=true) const

virtual dtn::data::Length	getSecurityResultSize () const

Protected Member Functions inherited from dtn::data::Block
	Block (block_t blocktype)

Static Protected Member Functions
static bool	decryptPayload (dtn::data::Bundle &bundle, const unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes], const uint32_t salt)

Static Protected Member Functions inherited from dtn::security::SecurityBlock
static bool	isCorrelatorPresent (const dtn::data::Bundle &bundle, const dtn::data::Number &correlator)

static dtn::data::Number	createCorrelatorValue (const dtn::data::Bundle &bundle)

static void	createSaltAndKey (uint32_t &salt, unsigned char *key, dtn::data::Length key_size)

static void	addKey (TLVList &security_parameter, unsigned char const const key, dtn::data::Length key_size, RSA rsa)

static bool	getKey (const TLVList &security_parameter, unsigned char key, dtn::data::Length key_size, RSA rsa)

static void	addSalt (TLVList &security_parameters, const uint32_t &salt)

static uint32_t	getSalt (const TLVList &security_parameters)

static void	copyEID (const dtn::data::Block &from, dtn::data::Block &to, dtn::data::Length skip=0)

template<class T >
static T &	encryptBlock (dtn::data::Bundle &bundle, dtn::data::Bundle::iterator &it, uint32_t salt, const unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes])

static void	decryptBlock (dtn::data::Bundle &bundle, dtn::data::Bundle::iterator &it, uint32_t salt, const unsigned char key[ibrcommon::AES128Stream::key_size_in_bytes])

static void	addFragmentRange (TLVList &ciphersuite_params, const dtn::data::Number &fragmentoffset, const dtn::data::Number &payload_length)

Friends
class	dtn::data::Bundle

Additional Inherited Members
Public Types inherited from dtn::security::SecurityBlock
enum	BLOCK_TYPES { BUNDLE_AUTHENTICATION_BLOCK = 0x02, PAYLOAD_INTEGRITY_BLOCK = 0x03, PAYLOAD_CONFIDENTIAL_BLOCK = 0x04, EXTENSION_SECURITY_BLOCK = 0x09 }

enum	TLV_TYPES { not_set = 0, initialization_vector = 1, key_information = 3, fragment_range = 4, integrity_signature = 5, salt = 7, PCB_integrity_check_value = 8, encapsulated_block = 10, block_type_of_encapsulated_block = 11 }

enum	CIPHERSUITE_FLAGS { CONTAINS_SECURITY_RESULT = 1 << 0, CONTAINS_CORRELATOR = 1 << 1, CONTAINS_CIPHERSUITE_PARAMS = 1 << 2, CONTAINS_SECURITY_DESTINATION = 1 << 3, CONTAINS_SECURITY_SOURCE = 1 << 4, BIT5_RESERVED = 1 << 5, BIT6_RESERVED = 1 << 6 }

enum	CIPHERSUITE_IDS { BAB_HMAC = 0x001, PIB_RSA_SHA256 = 0x002, PCB_RSA_AES128_PAYLOAD_PIB_PCB = 0x003, ESB_RSA_AES128_EXT = 0x004 }

Protected Attributes inherited from dtn::security::SecurityBlock
dtn::data::Number	_ciphersuite_id

dtn::data::Bitset < CIPHERSUITE_FLAGS >	_ciphersuite_flags

dtn::data::Number	_correlator

TLVList	_ciphersuite_params

TLVList	_security_result

dtn::data::EID	_security_destination

dtn::data::EID	_security_source

Detailed Description

The PayloadConfidentialBlock encrypts the payload, PayloadConfidentialBlocks, which are already there and PayloadIntegrityBlocks, which are already there. Payload Confidential or Integrity Blocks are encrypted because they can contain e.g. signatures which make guessing the plaintext easier. You can instantiate a factory, which will take care of everything. The factory can be given a rsa key and the corresponding node. You may wish to add more keys using addDestination(), so one or more nodes are able to recover the payload. For each destination a PayloadConfidentialBlock is placed in the bundle, when calling encrypt(). Be sure, that no other PayloadConfidentialBlocks or PayloadIntegrityBlocks are inside this bundle if using encryption with more than one key.

Definition at line 46 of file PayloadConfidentialBlock.h.

Constructor & Destructor Documentation

dtn::security::PayloadConfidentialBlock::~PayloadConfidentialBlock ( )

virtual

does nothing

Definition at line 56 of file PayloadConfidentialBlock.cpp.

dtn::security::PayloadConfidentialBlock::PayloadConfidentialBlock ( )

protected

Creates an empty PayloadConfidentialBlock. With ciphersuite_id set to PCB_RSA_AES128_PAYLOAD_PIB_PCB

Definition at line 51 of file PayloadConfidentialBlock.cpp.

Referenced by dtn::security::PayloadConfidentialBlock::Factory::create().

Member Function Documentation

void dtn::security::PayloadConfidentialBlock::decrypt	(	dtn::data::Bundle &	bundle,
		const dtn::security::SecurityKey &	long_key
	)

static

Decrypts the Payload inside this Bundle. All correlated Blocks, which are found, will be decrypted, too, placed at the position, where their PayloadConfidentialBlock was, which contained them. After a matching PayloadConfidentialBlock with key information is searched by looking after the security destination. If the payload has been decrypted successfully, the correlated blocks will be decrypted. If one block fails to decrypt, it will be deleted.

Parameters

bundle the bundle with the to be decrypted payload

Returns: true if decryption has been successfull, false otherwise

Definition at line 156 of file PayloadConfidentialBlock.cpp.

Referenced by dtn::security::SecurityManager::decrypt(), and decryptPayload().

Here is the call graph for this function:

bool dtn::security::PayloadConfidentialBlock::decryptPayload	(	dtn::data::Bundle &	bundle,
		const unsigned char	ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes],
		const uint32_t	salt
	)

staticprotected

Decrypts the payload using the ephemeral_key and salt.

Parameters

bundle	the payload containing bundle
ephemeral_key	the AES key
salt	the salt

Returns: true if tag verification succeeded, false otherwise

Definition at line 265 of file PayloadConfidentialBlock.cpp.

References dtn::security::SecurityBlock::_ciphersuite_params, dtn::security::SecurityBlock::_security_result, ibrcommon::CipherStream::CIPHER_DECRYPT, decrypt(), ibrcommon::LogLevel::error, dtn::data::Bundle::find(), dtn::security::SecurityBlock::TLVList::get(), IBRCOMMON_LOGGER_ENDL, IBRCOMMON_LOGGER_TAG, dtn::security::SecurityBlock::initialization_vector, ibrcommon::BLOB::Reference::iostream(), ibrcommon::AES128Stream::iv_len, dtn::security::SecurityBlock::PCB_integrity_check_value, ibrcommon::AES128Stream::tag_len, and ibrcommon::AES128Stream::verify().

Referenced by decrypt().

Here is the call graph for this function:

void dtn::security::PayloadConfidentialBlock::encrypt	(	dtn::data::Bundle &	bundle,
		const dtn::security::SecurityKey &	long_key,
		const dtn::data::EID &	source
	)

static

Encrypts the Payload inside this Bundle. If PIBs or PCBs are found, they will be encrypted, too, with a correlator set. The encrypted blocks will be each placed inside a PayloadConfidentialBlock, which will be inserted at the same place, except for the payload, which be encrypted in place.

Parameters

bundle the bundle with the to be encrypted payload

Definition at line 60 of file PayloadConfidentialBlock.cpp.