IBR-DTNSuite
0.8
|
00001 #include "ibrdtn/security/ExtensionSecurityBlock.h" 00002 #include <ibrcommon/Logger.h> 00003 #include "ibrdtn/data/Serializer.h" 00004 #include "ibrdtn/data/Bundle.h" 00005 #include <openssl/err.h> 00006 #include <openssl/rsa.h> 00007 00008 #ifdef __DEVELOPMENT_ASSERTIONS__ 00009 #include <cassert> 00010 #endif 00011 00012 namespace dtn 00013 { 00014 namespace security 00015 { 00016 dtn::data::Block* ExtensionSecurityBlock::Factory::create() 00017 { 00018 return new ExtensionSecurityBlock(); 00019 } 00020 00021 ExtensionSecurityBlock::ExtensionSecurityBlock() 00022 : SecurityBlock(EXTENSION_SECURITY_BLOCK, ESB_RSA_AES128_EXT) 00023 { 00024 } 00025 00026 ExtensionSecurityBlock::~ExtensionSecurityBlock() 00027 { 00028 } 00029 00030 void ExtensionSecurityBlock::encrypt(dtn::data::Bundle& bundle, const SecurityKey &key, const dtn::data::Block &block, const dtn::data::EID& source, const dtn::data::EID& destination) 00031 { 00032 u_int32_t salt = 0; 00033 00034 // load the rsa key 00035 RSA *rsa_key = key.getRSA(); 00036 00037 // key used for encrypting the block. the key will be encrypted using RSA 00038 unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes]; 00039 createSaltAndKey(salt, ephemeral_key, ibrcommon::AES128Stream::key_size_in_bytes); 00040 00041 dtn::security::ExtensionSecurityBlock& esb = SecurityBlock::encryptBlock<ExtensionSecurityBlock>(bundle, block, salt, ephemeral_key); 00042 00043 // set the source and destination address of the new block 00044 if (source != bundle._source) esb.setSecuritySource( source ); 00045 if (destination != bundle._destination) esb.setSecurityDestination( destination ); 00046 00047 // encrypt the ephemeral key and place it in _ciphersuite_params 00048 addSalt(esb._ciphersuite_params, salt); 00049 addKey(esb._ciphersuite_params, ephemeral_key, ibrcommon::AES128Stream::key_size_in_bytes, rsa_key); 00050 esb._ciphersuite_flags |= CONTAINS_CIPHERSUITE_PARAMS; 00051 00052 // free the rsa key 00053 key.free(rsa_key); 00054 } 00055 00056 void ExtensionSecurityBlock::decrypt(dtn::data::Bundle& bundle, const SecurityKey &key, const dtn::security::ExtensionSecurityBlock& block) 00057 { 00058 // load the rsa key 00059 RSA *rsa_key = key.getRSA(); 00060 00061 // get key, convert with reinterpret_cast 00062 unsigned char keydata[ibrcommon::AES128Stream::key_size_in_bytes]; 00063 00064 if (!getKey(block._ciphersuite_params, keydata, ibrcommon::AES128Stream::key_size_in_bytes, rsa_key)) 00065 { 00066 IBRCOMMON_LOGGER_ex(critical) << "could not get symmetric key decrypted" << IBRCOMMON_LOGGER_ENDL; 00067 throw ibrcommon::Exception("could not extract the key"); 00068 } 00069 00070 // get salt, convert with stringstream 00071 u_int32_t salt = getSalt(block._ciphersuite_params); 00072 00073 SecurityBlock::decryptBlock(bundle, block, salt, keydata); 00074 } 00075 00076 void ExtensionSecurityBlock::decrypt(dtn::data::Bundle& bundle, const SecurityKey &key, u_int64_t correlator) 00077 { 00078 const std::list<const dtn::security::ExtensionSecurityBlock*> blocks = bundle.getBlocks<ExtensionSecurityBlock>(); 00079 00080 for (std::list<const dtn::security::ExtensionSecurityBlock*>::const_iterator it = blocks.begin(); it != blocks.end(); it++) 00081 { 00082 const dtn::security::ExtensionSecurityBlock &esb = (**it); 00083 00084 if ((correlator == 0) || (correlator == esb._correlator)) 00085 { 00086 decrypt(bundle, key, esb); 00087 } 00088 } 00089 } 00090 } 00091 }