#include "ibrdtn/security/ExtensionSecurityBlock.h"
#include <ibrcommon/Logger.h>
#include "ibrdtn/data/Serializer.h"
#include "ibrdtn/data/Bundle.h"
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rsa.h>

#ifdef __DEVELOPMENT_ASSERTIONS__
#include <cassert>
#endif
00011
00012 namespace dtn
00013 {
00014 namespace security
00015 {
/**
 * Factory hook that produces an empty ExtensionSecurityBlock.
 *
 * The object is allocated with a plain `new` and handed back as a raw
 * dtn::data::Block pointer; nothing in this function releases it, so the
 * caller is presumably responsible for its lifetime (confirm against the
 * code that consumes the factory).
 *
 * @return pointer to a freshly heap-allocated ExtensionSecurityBlock
 */
dtn::data::Block* ExtensionSecurityBlock::Factory::create()
{
	ExtensionSecurityBlock *fresh_block = new ExtensionSecurityBlock();
	return fresh_block;
}
00020
/**
 * Default constructor.
 *
 * Forwards EXTENSION_SECURITY_BLOCK and ESB_RSA_AES128_EXT to the
 * SecurityBlock base (presumably the block type and the ciphersuite id;
 * see the SecurityBlock constructor for the exact meaning).
 */
ExtensionSecurityBlock::ExtensionSecurityBlock()
	: SecurityBlock(EXTENSION_SECURITY_BLOCK, ESB_RSA_AES128_EXT)
{}
00025
/**
 * Destructor. This class releases nothing of its own here; any cleanup is
 * left to the base class and member destructors.
 */
ExtensionSecurityBlock::~ExtensionSecurityBlock()
{}
00029
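/**
 * Encrypt one block of a bundle and record the parameters needed to
 * decrypt it in the resulting ExtensionSecurityBlock.
 *
 * A fresh salt and an ephemeral symmetric key of
 * ibrcommon::AES128Stream::key_size_in_bytes bytes are generated, the block
 * is encrypted with them via SecurityBlock::encryptBlock(), and salt and key
 * are then stored in the ciphersuite parameters of the new block. The key is
 * handed to addKey() together with the RSA key, which presumably wraps it
 * under that key (confirm in SecurityBlock::addKey).
 *
 * Compared with a straight-line implementation, cleanup is bound to a scope
 * guard so that it also runs when one of the helpers throws:
 *  - the RSA handle obtained from key.getRSA() is always given back through
 *    key.free(), and
 *  - the plaintext ephemeral key is wiped from the stack with
 *    OPENSSL_cleanse() instead of being left behind in a dead stack frame.
 *
 * @param bundle       bundle that contains the block and receives the ESB
 * @param key          security key providing the RSA key used by addKey()
 * @param block        the block to encrypt
 * @param source       security source; only set on the ESB if it differs
 *                     from the bundle source
 * @param destination  security destination; only set on the ESB if it
 *                     differs from the bundle destination
 */
void ExtensionSecurityBlock::encrypt(dtn::data::Bundle& bundle, const SecurityKey &key, const dtn::data::Block &block, const dtn::data::EID& source, const dtn::data::EID& destination)
{
	// Releases the RSA handle and wipes the symmetric key on every exit path.
	struct KeyMaterialGuard
	{
		const SecurityKey &owner;
		RSA *rsa;
		unsigned char *secret;
		size_t secret_len;

		KeyMaterialGuard(const SecurityKey &o, RSA *r, unsigned char *s, size_t l)
		 : owner(o), rsa(r), secret(s), secret_len(l)
		{
		}

		~KeyMaterialGuard()
		{
			// wipe first: the key bytes must not outlive this call
			OPENSSL_cleanse(secret, secret_len);
			owner.free(rsa);
		}
	};

	u_int32_t salt = 0;

	// buffer for the ephemeral symmetric key
	unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes];

	// load the rsa key
	// NOTE(review): the result of getRSA() is not checked here; confirm how
	// SecurityKey::getRSA() reports a key that could not be loaded.
	RSA *rsa_key = key.getRSA();

	// from here on the guard owns the cleanup of both secrets
	KeyMaterialGuard guard(key, rsa_key, ephemeral_key, sizeof(ephemeral_key));

	// key used for encrypting the block, plus its salt
	createSaltAndKey(salt, ephemeral_key, ibrcommon::AES128Stream::key_size_in_bytes);

	dtn::security::ExtensionSecurityBlock& esb = SecurityBlock::encryptBlock<ExtensionSecurityBlock>(bundle, block, salt, ephemeral_key);

	// set the source and destination address of the new block
	if (source != bundle._source) esb.setSecuritySource( source );
	if (destination != bundle._destination) esb.setSecurityDestination( destination );

	// store salt and key in the ciphersuite parameters of the new block
	addSalt(esb._ciphersuite_params, salt);
	addKey(esb._ciphersuite_params, ephemeral_key, ibrcommon::AES128Stream::key_size_in_bytes, rsa_key);
	esb._ciphersuite_flags |= CONTAINS_CIPHERSUITE_PARAMS;

	// the guard wipes ephemeral_key and frees rsa_key when it goes out of scope
}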
00055
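/**
 * Decrypt the block protected by a single ExtensionSecurityBlock.
 *
 * The symmetric key is recovered from the ciphersuite parameters of the
 * given block with the help of the RSA key, the salt is read from the same
 * parameters, and both are passed to SecurityBlock::decryptBlock().
 *
 * Fixes relative to the earlier implementation:
 *  - the RSA handle returned by key.getRSA() was never passed back to
 *    key.free() (encrypt() does this), so every call, successful or not,
 *    leaked the key object;
 *  - the recovered symmetric key stayed on the stack; it is now wiped with
 *    OPENSSL_cleanse() on every exit path, including the exception paths.
 *
 * @param bundle  bundle that contains the encrypted block
 * @param key     security key providing the RSA key used by getKey()
 * @param block   the ExtensionSecurityBlock carrying salt and wrapped key
 * @throws ibrcommon::Exception if the symmetric key cannot be extracted
 */
void ExtensionSecurityBlock::decrypt(dtn::data::Bundle& bundle, const SecurityKey &key, const dtn::security::ExtensionSecurityBlock& block)
{
	// Releases the RSA handle and wipes the symmetric key on every exit path.
	struct KeyMaterialGuard
	{
		const SecurityKey &owner;
		RSA *rsa;
		unsigned char *secret;
		size_t secret_len;

		KeyMaterialGuard(const SecurityKey &o, RSA *r, unsigned char *s, size_t l)
		 : owner(o), rsa(r), secret(s), secret_len(l)
		{
		}

		~KeyMaterialGuard()
		{
			// wipe first: the key bytes must not outlive this call
			OPENSSL_cleanse(secret, secret_len);
			owner.free(rsa);
		}
	};

	// buffer for the recovered symmetric key
	unsigned char keydata[ibrcommon::AES128Stream::key_size_in_bytes];

	// load the rsa key
	// NOTE(review): the result of getRSA() is not checked here; confirm how
	// SecurityKey::getRSA() reports a key that could not be loaded.
	RSA *rsa_key = key.getRSA();

	// from here on the guard owns the cleanup of both secrets
	KeyMaterialGuard guard(key, rsa_key, keydata, sizeof(keydata));

	// NOTE(review): this failure is reported separately from a later
	// decryptBlock() failure. If getKey() unwraps with RSA PKCS#1 v1.5
	// padding, make sure a remote sender cannot tell the two outcomes
	// apart; the padding mode is not visible in this file.
	if (!getKey(block._ciphersuite_params, keydata, ibrcommon::AES128Stream::key_size_in_bytes, rsa_key))
	{
		IBRCOMMON_LOGGER_ex(critical) << "could not get symmetric key decrypted" << IBRCOMMON_LOGGER_ENDL;
		throw ibrcommon::Exception("could not extract the key");
	}

	// get salt from the ciphersuite parameters
	u_int32_t salt = getSalt(block._ciphersuite_params);

	SecurityBlock::decryptBlock(bundle, block, salt, keydata);

	// the guard wipes keydata and frees rsa_key when it goes out of scope
}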
00075
/**
 * Decrypt every ExtensionSecurityBlock of a bundle that matches a correlator.
 *
 * The list of ESBs is taken from the bundle once, before any block is
 * processed. A correlator of 0 selects all of them; any other value selects
 * only the blocks whose _correlator is equal to it.
 *
 * The single-block decrypt() throws when a key cannot be extracted. That
 * exception is not caught here, so the loop stops at the first failing
 * block and blocks decrypted before it stay decrypted in the bundle.
 *
 * NOTE(review): the pointers in the list were collected before the bundle
 * is modified; confirm that SecurityBlock::decryptBlock() never destroys an
 * ESB that is still waiting in this list.
 *
 * @param bundle      bundle whose extension security blocks are processed
 * @param key         security key passed on to the single-block decrypt()
 * @param correlator  0 to decrypt all ESBs, otherwise the correlator to match
 */
void ExtensionSecurityBlock::decrypt(dtn::data::Bundle& bundle, const SecurityKey &key, u_int64_t correlator)
{
	typedef std::list<const dtn::security::ExtensionSecurityBlock*> esb_list;

	const esb_list candidates = bundle.getBlocks<ExtensionSecurityBlock>();
	const bool match_all = (correlator == 0);

	for (esb_list::const_iterator pos = candidates.begin(); pos != candidates.end(); ++pos)
	{
		const dtn::security::ExtensionSecurityBlock *candidate = *pos;

		// skip blocks that belong to a different correlator
		if (!match_all && (candidate->_correlator != correlator)) continue;

		decrypt(bundle, key, *candidate);
	}
}
00090 }
00091 }