A Discrete-Event Network Simulator
API
qkd-encryptor.cc
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2005,2006 INRIA
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation;
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17  *
18  * Author: Miralem Mehic <miralem.mehic@ieee.org>
19  */
20 
21 #define NS_LOG_APPEND_CONTEXT \
22  if (GetObject<Node> ()) { std::clog << "[node " << GetObject<Node> ()->GetId () << "] "; }
23 
24 #include <string>
25 #include <cstdarg>
26 #include <iostream>
27 #include <sstream>
28 #include "ns3/packet.h"
29 #include "ns3/assert.h"
30 #include "ns3/log.h"
31 #include "ns3/node.h"
32 #include "qkd-encryptor.h"
33 
34 namespace ns3 {
35 
36 NS_LOG_COMPONENT_DEFINE ("QKDEncryptor");
37 
38 NS_OBJECT_ENSURE_REGISTERED (QKDEncryptor);
39 
40 static const std::string base64_chars =
41  "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
42  "abcdefghijklmnopqrstuvwxyz"
43  "0123456789+/";
44 
45 static inline bool is_base64(unsigned char c) {
46  return (isalnum(c) || (c == '+') || (c == '/'));
47 }
48 
49 TypeId
51 {
52  static TypeId tid = TypeId ("ns3::QKDEncryptor")
53  .SetParent<Object> ()
54  .AddAttribute ("CompressionEnabled", "Indicates whether a compression of packets is enabled.",
55  BooleanValue (false),
58  .AddAttribute ("EncryptionEnabled", "Indicates whether a real encryption of packets is enabled.",
59  BooleanValue (false),
62 
63  .AddTraceSource ("PacketEncrypted",
64  "The change trance for currenly ecrypted packet",
66  "ns3::QKDEncryptor::PacketEncrypted")
67  .AddTraceSource ("PacketDecrypted",
68  "The change trance for currenly decrypted packet",
70  "ns3::QKDEncryptor::PacketDecrypted")
71 
72  .AddTraceSource ("PacketAuthenticated",
73  "The change trance for currenly authenticated packet",
75  "ns3::QKDEncryptor::PacketAuthenticated")
76  .AddTraceSource ("PacketDeAuthenticated",
77  "The change trance for currenly deauthenticated packet",
79  "ns3::QKDEncryptor::PacketDeAuthenticated")
80  ;
81  return tid;
82 }
83 
85  EncryptionType encryptionType,
86  AuthenticationType authenticationType
87 ){
88  NS_LOG_FUNCTION (this << encryptionType << authenticationType);
89  ChangeSettings(encryptionType, authenticationType, 256);
90  memset( m_iv, 0x00, CryptoPP::AES::BLOCKSIZE );
91 }
92 
94  EncryptionType encryptionType,
95  AuthenticationType authenticationType,
96  uint32_t authTagLength
97 ){
98  NS_LOG_FUNCTION (this << encryptionType << authenticationType);
99  ChangeSettings(encryptionType, authenticationType, authTagLength);
100 }
101 
102 void
104  EncryptionType encryptionType,
105  AuthenticationType authenticationType,
106  uint32_t authTagLength
107 ){
108  if(authTagLength != 128 && authTagLength != 256 ){
109  NS_FATAL_ERROR( this << "Crypto++ supports VMAC with 16 or 32 bytes authentication tag length!");
110  }
111 
112  m_encryptionType = encryptionType;
113  m_authenticationType = authenticationType;
114  m_authenticationTagLengthInBits = authTagLength;
115 }
116 
117 
119 {
120  //NS_LOG_FUNCTION (this);
121 }
122 
123 void
125  m_node = node;
126 }
127 Ptr<Node>
129  return m_node;
130 }
131 
132 void
133 QKDEncryptor::SetIndex (uint32_t index){
134  m_index = index;
135 }
136 uint32_t
138  return m_index;
139 }
140 
141 std::string
142 QKDEncryptor::EncryptMsg (std::string input, std::string key)
143 {
144  NS_LOG_FUNCTION(this << m_encryptionType << input.length() << key.length() );
145 
146  std::string output;
147  switch (m_encryptionType)
148  {
149  case UNENCRYPTED:
150  output = input;
151  break;
152  case QKDCRYPTO_OTP:
153  output = OTP(key, input);
154  break;
155  case QKDCRYPTO_AES:
156  output = AESEncrypt(key, input);
157  break;
158  }
159  return output;
160 }
161 
162 std::string
163 QKDEncryptor::DecryptMsg (std::string input, std::string key)
164 {
165  NS_LOG_FUNCTION(this << m_encryptionType << input.length() << key.length() );
166 
167  std::string output;
168  switch (m_encryptionType)
169  {
170  case UNENCRYPTED:
171  output = input;
172  break;
173  case QKDCRYPTO_OTP:
174  output = OTP(key, input);
175  break;
176  case QKDCRYPTO_AES:
177  output = AESDecrypt(key, input);
178  break;
179  }
180  return output;
181 }
182 
183 std::string
184 QKDEncryptor::Authenticate (std::string& inputString, std::string key)
185 {
186  NS_LOG_FUNCTION (this << inputString.length() << key.length());
187  switch (m_authenticationType)
188  {
189  case UNAUTHENTICATED:
190  break;
191  case QKDCRYPTO_AUTH_VMAC:
192  return VMAC (key, inputString);
193  break;
194  case QKDCRYPTO_AUTH_MD5:
195  return MD5 (inputString);
196  break;
197  case QKDCRYPTO_AUTH_SHA1:
198  return SHA1 (inputString);
199  break;
200  }
201  std::string temp;
202  return temp;
203 }
204 
205 bool
206 QKDEncryptor::CheckAuthentication(std::string payload, std::string authTag, std::string key)
207 {
208  //@toDo: authentication tag is different even though key and received tag are good, and payload seems to be correct!
209  std::string genAuthTag = Authenticate(payload, key);
210  NS_LOG_FUNCTION( this << key << authTag << genAuthTag );
211  if (genAuthTag == authTag)
212  return true;
213  else
214  return false;
215 }
216 
217 
218 /***************************************************************
219 * CRYPTO++ CRYPTOGRAPHIC FUNCTIONS
220 ***************************************************************/
221 
222 std::string
223 QKDEncryptor::Base64Encode(std::string input){
224 
225  std::string output;
226  CryptoPP::StringSource(input, true,
227  new CryptoPP::Base64Encoder(
228  new CryptoPP::StringSink(output)
229  ) // Base64Encoder
230  ); // StringSource
231  return output;
232 }
233 
234 std::string
235 QKDEncryptor::Base64Decode(std::string input){
236 
237  std::string output;
238  CryptoPP::StringSource(input, true,
239  new CryptoPP::Base64Decoder(
240  new CryptoPP::StringSink(output)
241  ) // Base64Dencoder
242  ); // StringSource
243  return output;
244 }
245 
246 std::string
247 QKDEncryptor::OTP (const std::string& key, const std::string& cipherText)
248 {
249 
250  NS_LOG_FUNCTION(this << cipherText.length() << key.length() );
251  std::string output;
252 
253  if(key.size() != cipherText.size()){
254  NS_FATAL_ERROR ("KEY SIZE DO NOT MATCH FOR OTP! \nKeySize:" << key.size() << "\nCipterText:" << cipherText.size() << "\n" );
255  output = cipherText;
256  }else{
257 
258  for (std::size_t i = 0; i < cipherText.size(); i++){
259  output.push_back(key[i] ^ cipherText[i]);
260  }
261 
262  }
263 
264  return output;
265 }
266 
267 std::string
268 QKDEncryptor::AESEncrypt (const std::string& key, const std::string& data)
269 {
270  NS_LOG_FUNCTION ( this << data.size() << key.length() );
271 
272  memset( m_iv, 0x00, CryptoPP::AES::BLOCKSIZE );
273  std::string encryptData;
274 
275  // Encryption
276  CryptoPP::CTR_Mode< CryptoPP::AES >::Encryption encryptor;
277  encryptor.SetKeyWithIV((byte*) key.c_str(), key.length(), m_iv);
278  //encryptor.SetKeyWithIV( key, CryptoPP::AES::DEFAULT_KEYLENGTH, m_iv );
279 
280  CryptoPP::StreamTransformationFilter stf( encryptor, new CryptoPP::StringSink( encryptData ) );
281  stf.Put( (byte*)data.c_str(), data.size() );
282  stf.MessageEnd();
283 
284  return encryptData;
285 }
286 
287 std::string
288 QKDEncryptor::AESDecrypt (const std::string& key, const std::string& data)
289 {
290  NS_LOG_FUNCTION (this << data.size());
291  memset( m_iv, 0x00, CryptoPP::AES::BLOCKSIZE );
292  std::string decryptData;
293 
294  // Decryption
295  CryptoPP::CTR_Mode< CryptoPP::AES >::Decryption decryptor;
296  decryptor.SetKeyWithIV((byte*) key.c_str(), key.length(), m_iv);
297  //decryptor.SetKeyWithIV( key, CryptoPP::AES::DEFAULT_KEYLENGTH, m_iv );
298 
299  CryptoPP::StreamTransformationFilter stf( decryptor, new CryptoPP::StringSink( decryptData ) );
300  stf.Put( (byte*)data.c_str(), data.size() );
301  stf.MessageEnd();
302 
303  return decryptData;
304 }
305 
306 
307 std::string
308 QKDEncryptor::HexEncode(const std::string& data)
309 {
310  NS_LOG_FUNCTION (this << data.size());
311 
312  std::string encoded;
313  CryptoPP::StringSource ss(
314  (byte*)data.data(), data.size(), true,
315  new CryptoPP::HexEncoder(new CryptoPP::StringSink(encoded))
316  );
317  return encoded;
318 }
319 
320 std::string
321 QKDEncryptor::HexDecode(const std::string& data)
322 {
323  NS_LOG_FUNCTION (this << data.size());
324 
325  std::string decoded;
326  CryptoPP::StringSource ss(
327  (byte*)data.data(), data.size(), true,
328  new CryptoPP::HexDecoder(new CryptoPP::StringSink(decoded))
329  );
330  return decoded;
331 }
332 
333 std::string
334 QKDEncryptor::VMAC (std::string& key, std::string& inputString)
335 {
336  NS_LOG_FUNCTION (this << inputString.length() << key.length() << CryptoPP::AES::BLOCKSIZE );
337  std::string outputString;
338 
339  memset( m_iv, 0x00, CryptoPP::AES::BLOCKSIZE ); //maximum is 16 bytes: VMAC(AES)-128: IV length 32 exceeds the maximum of 16
340 
341  byte digestBytes[key.length()];
342  CryptoPP::VMAC<CryptoPP::AES> vmac;
343 
344  vmac.SetKeyWithIV((byte*) key.c_str(), key.length(), m_iv, CryptoPP::AES::BLOCKSIZE);
345  vmac.CalculateDigest(digestBytes, (byte *) inputString.c_str(), inputString.length());
346 
347  CryptoPP::HexEncoder encoder;
348  encoder.Attach(new CryptoPP::StringSink(outputString));
349  encoder.Put(digestBytes, sizeof(digestBytes));
350  encoder.MessageEnd();
351 
352  //outputString = outputString.substr(0, m_authenticationTagLengthInBits);
353 
354  return outputString;
355 }
356 
357 std::string
358 QKDEncryptor::MD5(std::string& inputString)
359 {
360  NS_LOG_FUNCTION (this << inputString.length() );
361 
362  byte digestBytes[CryptoPP::Weak::MD5::DIGESTSIZE];
363 
364  CryptoPP::Weak1::MD5 md5;
365  md5.CalculateDigest(digestBytes, (byte *) inputString.c_str(), inputString.length());
366 
367  std::string outputString;
368  CryptoPP::HexEncoder encoder;
369 
370  encoder.Attach(new CryptoPP::StringSink(outputString));
371  encoder.Put(digestBytes, sizeof(digestBytes));
372  encoder.MessageEnd();
373 
374  outputString = outputString.substr(0, m_authenticationTagLengthInBits);
375  return outputString;
376 }
377 
378 std::string
379 QKDEncryptor::SHA1(std::string& inputString)
380 {
381  NS_LOG_FUNCTION (this << inputString.length() );
382 
383  byte digestBytes[CryptoPP::SHA1::DIGESTSIZE];
384 
385  CryptoPP::SHA1 sha1;
386  sha1.CalculateDigest(digestBytes, (byte *) inputString.c_str(), inputString.length());
387 
388  std::string outputString;
389  CryptoPP::HexEncoder encoder;
390 
391  encoder.Attach(new CryptoPP::StringSink(outputString));
392  encoder.Put(digestBytes, sizeof(digestBytes));
393  encoder.MessageEnd();
394 
395  outputString = outputString.substr(0, m_authenticationTagLengthInBits);
396  return outputString;
397 }
398 
399 } // namespace ns3
A base class which provides memory management and object aggregation.
Definition: object.h:89
uint32_t m_index
An index in the qkd encryptor container.
bool m_encryptionEnabled
Execute the actual encryption algorithm?
std::string EncryptMsg(std::string input, std::string key)
Encrypt a plaintext.
std::string HexDecode(const std::string &data)
Decode the HEX string.
std::string AESEncrypt(const std::string &key, const std::string &data)
Encrypt data using AES algorithm.
EncryptionType
Encryption type.
Definition: qkd-encryptor.h:96
uint32_t GetIndex()
Get the internal index identifier in the qkd encryptor container.
void SetNode(Ptr< Node > node)
Set node on which qkd encryptor is installed.
void SetIndex(uint32_t index)
Set the internal index identifier in the qkd encryptor container.
static TypeId GetTypeId(void)
Get the TypeId.
std::string Authenticate(std::string &data, std::string key="0")
Calculate an authentication tag on a message.
bool CheckAuthentication(std::string payload, std::string authTag, std::string key="0")
Authenticate the packet.
byte m_iv[CryptoPP::AES::BLOCKSIZE]
std::string Base64Decode(std::string input)
Base64 decoder.
TracedCallback< Ptr< Packet >, std::string > m_authenticationTrace
A trace callback for the authentication.
std::string VMAC(std::string &key, std::string &inputString)
Calculate authentication tag in Wegman-Carter fashion.
std::string OTP(const std::string &key, const std::string &data)
Apply the One-Time Pad cipher.
uint32_t m_authenticationTagLengthInBits
A length of the authentication tag in bits (32 by default).
std::string SHA1(std::string &inputString)
Calucale SHA1 authentication tag.
TracedCallback< Ptr< Packet >, std::string > m_deauthenticationTrace
A trace callback for the authentication check.
AuthenticationType m_authenticationType
The authentication algorithm.
Ptr< Node > m_node
A pointer to the node on which the encryptor is installed.
Ptr< Node > GetNode()
Get details about the node on which qkd encryptor is installed.
TracedCallback< Ptr< Packet > > m_decryptionTrace
A trace callback for the decryption.
AuthenticationType
Authentication type.
TracedCallback< Ptr< Packet > > m_encryptionTrace
A trace callback for the encryption.
QKDEncryptor(EncryptionType type1, AuthenticationType type2)
Constructor.
std::string HexEncode(const std::string &data)
Encode the string to the HEX string.
void ChangeSettings(EncryptionType type1, AuthenticationType type2, uint32_t authTagLength)
Constructor.
bool m_compressionEnabled
Should compression algorithms be used?
std::string DecryptMsg(std::string input, std::string key)
Decrypt a ciphertext.
std::string Base64Encode(std::string input)
Base64 encoder.
virtual ~QKDEncryptor()
Destructor.
EncryptionType m_encryptionType
The encryption algorithm.
std::string MD5(std::string &inputString)
Calculate MD5 authentication tag.
std::string AESDecrypt(const std::string &key, const std::string &data)
Decrypt data using AES algorithm.
a unique identifier for an interface.
Definition: type-id.h:59
TypeId SetParent(TypeId tid)
Set the parent TypeId.
Definition: type-id.cc:931
#define NS_FATAL_ERROR(msg)
Report a fatal error with a message and terminate.
Definition: fatal-error.h:179
#define NS_LOG_COMPONENT_DEFINE(name)
Define a Log component with a specific name.
Definition: log.h:202
#define NS_LOG_FUNCTION(parameters)
If log level LOG_FUNCTION is enabled, this macro will output all input parameters separated by ",...
#define NS_OBJECT_ENSURE_REGISTERED(type)
Register an Object subclass with the TypeId system.
Definition: object-base.h:46
Ptr< const TraceSourceAccessor > MakeTraceSourceAccessor(T a)
Create a TraceSourceAccessor which will control access to the underlying trace source.
Every class exported by the ns3 library is enclosed in the ns3 namespace.
Ptr< const AttributeChecker > MakeBooleanChecker()
Definition: boolean.cc:124
Ptr< const AttributeAccessor > MakeBooleanAccessor(T1 a1)
Definition: boolean.h:86
static const std::string base64_chars
static bool is_base64(unsigned char c)
uint8_t data[writeSize]