/** * Copyright (C) 2015-2016 Regents of the University of California. * @author: Jeff Thompson <jefft0@remap.ucla.edu> * @author: From ndn-group-encrypt src/encryptor https://github.com/named-data/ndn-group-encrypt * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * A copy of the GNU Lesser General Public License is in the file COPYING. *//** @ignore */var Crypto = require('../../crypto.js'); /** @ignore */var Name = require('../../name.js').Name; /** @ignore */var KeyLocator = require('../../key-locator.js').KeyLocator; /** @ignore */var KeyLocatorType = require('../../key-locator.js').KeyLocatorType; /** @ignore */var TlvWireFormat = require('../../encoding/tlv-wire-format.js').TlvWireFormat; /** @ignore */var Blob = require('../../util/blob.js').Blob; /** @ignore */var AesAlgorithm = require('./aes-algorithm.js').AesAlgorithm; /** @ignore */var RsaAlgorithm = require('./rsa-algorithm.js').RsaAlgorithm; /** @ignore */var EncryptParams = require('./encrypt-params.js').EncryptParams; /** @ignore */var EncryptAlgorithmType = require('./encrypt-params.js').EncryptAlgorithmType; /** @ignore */var EncryptedContent = require('../encrypted-content.js').EncryptedContent; /** @ignore */var SyncPromise = require('../../util/sync-promise.js').SyncPromise;/** * Encryptor has static constants and utility methods for encryption, such as * encryptData. * @constructor */var Encryptor = function Encryptor(value){};exports.Encryptor = Encryptor;Encryptor.NAME_COMPONENT_FOR = new Name.Component("FOR");Encryptor.NAME_COMPONENT_READ = new Name.Component("READ");Encryptor.NAME_COMPONENT_SAMPLE = new Name.Component("SAMPLE");Encryptor.NAME_COMPONENT_ACCESS = new Name.Component("ACCESS");Encryptor.NAME_COMPONENT_E_KEY = new Name.Component("E-KEY");Encryptor.NAME_COMPONENT_D_KEY = new Name.Component("D-KEY");Encryptor.NAME_COMPONENT_C_KEY = new Name.Component("C-KEY");/** * Prepare an encrypted data packet by encrypting the payload using the key * according to the params. In addition, this prepares the encoded * EncryptedContent with the encryption result using keyName and params. The * encoding is set as the content of the data packet. If params defines an * asymmetric encryption algorithm and the payload is larger than the maximum * plaintext size, this encrypts the payload with a symmetric key that is * asymmetrically encrypted and provided as a nonce in the content of the data * packet. The packet's /<dataName>/ is updated to be <dataName>/FOR/<keyName>. * @param {Data} data The data packet which is updated. * @param {Blob} payload The payload to encrypt. * @param {Name} keyName The key name for the EncryptedContent. * @param {Blob} key The encryption key value. * @param {EncryptParams} params The parameters for encryption. * @param {boolean} useSync (optional) If true then return a SyncPromise which * is already fulfilled. If omitted or false, this may return a SyncPromise or * an async Promise. * @return {Promise|SyncPromise} A promise which fulfills when the data packet * is updated. */Encryptor.encryptDataPromise = function (data, payload, keyName, key, params, useSync){ var dataName = data.getName(); dataName.append(Encryptor.NAME_COMPONENT_FOR).append(keyName); data.setName(dataName); var algorithmType = params.getAlgorithmType(); if (algorithmType == EncryptAlgorithmType.AesCbc || algorithmType == EncryptAlgorithmType.AesEcb) { return Encryptor.encryptSymmetricPromise_ (payload, key, keyName, params, useSync) .then(function(content) { data.setContent(content.wireEncode(TlvWireFormat.get())); return SyncPromise.resolve(); }); } else if (algorithmType == EncryptAlgorithmType.RsaPkcs || algorithmType == EncryptAlgorithmType.RsaOaep) { // Node.js doesn't have a direct way to get the maximum plain text size, so // try to encrypt the payload first and catch the error if it is too big. return Encryptor.encryptAsymmetricPromise_ (payload, key, keyName, params, useSync) .then(function(content) { data.setContent(content.wireEncode(TlvWireFormat.get())); return SyncPromise.resolve(); }, function(err) { if (err.message.indexOf("data too large for key size") < 0) // Not the expected error. throw err; // The payload is larger than the maximum plaintext size. // 128-bit nonce. var nonceKeyBuffer = Crypto.randomBytes(16); var nonceKey = new Blob(nonceKeyBuffer, false); var nonceKeyName = new Name(keyName); nonceKeyName.append("nonce"); var symmetricParams = new EncryptParams (EncryptAlgorithmType.AesCbc, AesAlgorithm.BLOCK_SIZE); var nonceContent; return Encryptor.encryptSymmetricPromise_ (payload, nonceKey, nonceKeyName, symmetricParams, useSync) .then(function(localNonceContent) { nonceContent = localNonceContent; return Encryptor.encryptAsymmetricPromise_ (nonceKey, key, keyName, params, useSync); }) .then(function(payloadContent) { var nonceContentEncoding = nonceContent.wireEncode(); var payloadContentEncoding = payloadContent.wireEncode(); var content = new Buffer (nonceContentEncoding.size() + payloadContentEncoding.size()); payloadContentEncoding.buf().copy(content, 0); nonceContentEncoding.buf().copy(content, payloadContentEncoding.size()); data.setContent(new Blob(content, false)); return SyncPromise.resolve(); }); }); } else return SyncPromise.reject(new Error("Unsupported encryption method"));};/** * Prepare an encrypted data packet by encrypting the payload using the key * according to the params. In addition, this prepares the encoded * EncryptedContent with the encryption result using keyName and params. The * encoding is set as the content of the data packet. If params defines an * asymmetric encryption algorithm and the payload is larger than the maximum * plaintext size, this encrypts the payload with a symmetric key that is * asymmetrically encrypted and provided as a nonce in the content of the data * packet. * @param {Data} data The data packet which is updated. * @param {Blob} payload The payload to encrypt. * @param {Name} keyName The key name for the EncryptedContent. * @param {Blob} key The encryption key value. * @param {EncryptParams} params The parameters for encryption. * @throws Error If encryptPromise doesn't return a SyncPromise which is * already fulfilled. */Encryptor.encryptData = function(data, payload, keyName, key, params){ return SyncPromise.getValue(Encryptor.encryptDataPromise (data, payload, keyName, key, params, true));};/** * Encrypt the payload using the symmetric key according to params, and return * an EncryptedContent. * @param {Blob} payload The data to encrypt. * @param {Blob} key The key value. * @param {Name} keyName The key name for the EncryptedContent key locator. * @param {EncryptParams} params The parameters for encryption. * @param {boolean} useSync (optional) If true then return a SyncPromise which * is already fulfilled. If omitted or false, this may return a SyncPromise or * an async Promise. * @return {Promise|SyncPromise} A promise which returns a new EncryptedContent. */Encryptor.encryptSymmetricPromise_ = function (payload, key, keyName, params, useSync){ var algorithmType = params.getAlgorithmType(); var initialVector = params.getInitialVector(); var keyLocator = new KeyLocator(); keyLocator.setType(KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == EncryptAlgorithmType.AesCbc || algorithmType == EncryptAlgorithmType.AesEcb) { if (algorithmType == EncryptAlgorithmType.AesCbc) { if (initialVector.size() != AesAlgorithm.BLOCK_SIZE) return SyncPromise.reject(new Error("incorrect initial vector size")); } return AesAlgorithm.encryptPromise(key, payload, params, useSync) .then(function(encryptedPayload) { var result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); result.setInitialVector(initialVector); return SyncPromise.resolve(result); }); } else return SyncPromise.reject(new Error("Unsupported encryption method"));};/** * Encrypt the payload using the asymmetric key according to params, and * return an EncryptedContent. * @param {Blob} payload The data to encrypt. The size should be within range of * the key. * @param {Blob} key The key value. * @param {Name} keyName The key name for the EncryptedContent key locator. * @param {EncryptParams} params The parameters for encryption. * @param {boolean} useSync (optional) If true then return a SyncPromise which * is already fulfilled. If omitted or false, this may return a SyncPromise or * an async Promise. * @return {Promise|SyncPromise} A promise which returns a new EncryptedContent. */Encryptor.encryptAsymmetricPromise_ = function (payload, key, keyName, params, useSync){ var algorithmType = params.getAlgorithmType(); var keyLocator = new KeyLocator(); keyLocator.setType(KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == EncryptAlgorithmType.RsaPkcs || algorithmType == EncryptAlgorithmType.RsaOaep) { return RsaAlgorithm.encryptPromise(key, payload, params, useSync) .then(function(encryptedPayload) { var result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); return SyncPromise.resolve(result); }); } else return SyncPromise.reject(new Error("Unsupported encryption method"));};