def _decryptDKey(self, dKeyData, onPlainText, onError):
"""
Decrypt dKeyData.
:param Data dKeyData: The D-KEY data packet.
:param onPlainText: When the data packet is decrypted, this calls
onPlainText(decryptedBlob) with the decrypted blob.
:type onPlainText: function object
:param onError: This calls onError(errorCode, message) for an error,
where errorCode is from EncryptError.ErrorCode and message is a str.
:type onError: function object
"""
# Get encrypted content.
dataContent = dKeyData.getContent()
# Process the nonce.
# dataContent is a sequence of the two EncryptedContent.
encryptedNonce = EncryptedContent()
try:
encryptedNonce.wireDecode(dataContent)
except Exception as ex:
try:
onError(EncryptError.ErrorCode.InvalidEncryptedFormat, repr(ex))
except:
logging.exception("Error in onError")
return
consumerKeyName = encryptedNonce.getKeyLocator().getKeyName()
# Get consumer decryption key.
try:
consumerKeyBlob = self._getDecryptionKey(consumerKeyName)
except Exception as ex:
Consumer._callOnError(onError,
EncryptError.ErrorCode.NoDecryptKey, "Database error: " + repr(ex))
return
if consumerKeyBlob.size() == 0:
try:
onError(EncryptError.ErrorCode.NoDecryptKey,
"The desired consumer decryption key in not in the database")
except:
logging.exception("Error in onError")
return
# Process the D-KEY.
# Use the size of encryptedNonce to find the start of encryptedPayload.
encryptedPayloadBlob = Blob(
dataContent.buf()[encryptedNonce.wireEncode().size():], False)
if encryptedPayloadBlob.size() == 0:
try:
onError(EncryptError.ErrorCode.InvalidEncryptedFormat,
"The data packet does not satisfy the D-KEY packet format")
except:
logging.exception("Error in onError")
# Decrypt the D-KEY.
Consumer._decrypt(
encryptedNonce, consumerKeyBlob,
lambda nonceKeyBits: Consumer._decrypt(
encryptedPayloadBlob, nonceKeyBits, onPlainText, onError),
onError)
def _decrypt(encryptedContent, keyBits, onPlainText, onError):
"""
Decrypt encryptedContent using keyBits.
:param encryptedContent: The EncryptedContent to decrypt, or a Blob
which is first decoded as an EncryptedContent.
:type encryptedContent: Blob or EncryptedContent
:param {Blob} keyBits The key value.
:param onPlainText: When encryptedBlob is decrypted, this calls
onPlainText(decryptedBlob) with the decrypted Blob.
:type onPlainText: function object
:param onError: This calls onError(errorCode, message) for an error,
where errorCode is from EncryptError.ErrorCode and message is a str.
:type onError: function object
"""
if isinstance(encryptedContent, Blob):
# Decode as EncryptedContent.
encryptedBlob = encryptedContent
encryptedContent = EncryptedContent()
encryptedContent.wireDecode(encryptedBlob)
payload = encryptedContent.getPayload()
if encryptedContent.getAlgorithmType() == EncryptAlgorithmType.AesCbc:
# Prepare the parameters.
decryptParams = EncryptParams(EncryptAlgorithmType.AesCbc)
decryptParams.setInitialVector(encryptedContent.getInitialVector())
# Decrypt the content.
try:
content = AesAlgorithm.decrypt(keyBits, payload, decryptParams)
except Exception as ex:
try:
onError(EncryptError.ErrorCode.InvalidEncryptedFormat,
repr(ex))
except:
logging.exception("Error in onError")
return
onPlainText(content)
elif encryptedContent.getAlgorithmType(
) == EncryptAlgorithmType.RsaOaep:
# Prepare the parameters.
decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
# Decrypt the content.
try:
content = RsaAlgorithm.decrypt(keyBits, payload, decryptParams)
except Exception as ex:
Consumer._callOnError(
onError, EncryptError.ErrorCode.InvalidEncryptedFormat,
repr(ex))
return
onPlainText(content)
else:
Consumer._callOnError(
onError, EncryptError.ErrorCode.UnsupportedEncryptionScheme,
repr(encryptedContent.getAlgorithmType()))
def _decrypt(encryptedContent, keyBits, onPlainText, onError):
"""
Decrypt encryptedContent using keyBits.
:param encryptedContent: The EncryptedContent to decrypt, or a Blob
which is first decoded as an EncryptedContent.
:type encryptedContent: Blob or EncryptedContent
:param {Blob} keyBits The key value.
:param onPlainText: When encryptedBlob is decrypted, this calls
onPlainText(decryptedBlob) with the decrypted Blob.
:type onPlainText: function object
:param onError: This calls onError(errorCode, message) for an error,
where errorCode is from EncryptError.ErrorCode and message is a str.
:type onError: function object
"""
if isinstance(encryptedContent, Blob):
# Decode as EncryptedContent.
encryptedBlob = encryptedContent
encryptedContent = EncryptedContent()
encryptedContent.wireDecode(encryptedBlob)
payload = encryptedContent.getPayload()
if encryptedContent.getAlgorithmType() == EncryptAlgorithmType.AesCbc:
# Prepare the parameters.
decryptParams = EncryptParams(EncryptAlgorithmType.AesCbc)
decryptParams.setInitialVector(encryptedContent.getInitialVector())
# Decrypt the content.
try:
content = AesAlgorithm.decrypt(keyBits, payload, decryptParams)
except Exception as ex:
try:
onError(EncryptError.ErrorCode.InvalidEncryptedFormat, repr(ex))
except:
logging.exception("Error in onError")
return
onPlainText(content)
elif encryptedContent.getAlgorithmType() == EncryptAlgorithmType.RsaOaep:
# Prepare the parameters.
decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
# Decrypt the content.
try:
content = RsaAlgorithm.decrypt(keyBits, payload, decryptParams)
except Exception as ex:
Consumer._callOnError(onError,
EncryptError.ErrorCode.InvalidEncryptedFormat, repr(ex))
return
onPlainText(content)
else:
Consumer._callOnError(onError,
EncryptError.ErrorCode.UnsupportedEncryptionScheme,
repr(encryptedContent.getAlgorithmType()))
def _decryptCKey(self, cKeyData, onPlainText, onError):
"""
Decrypt cKeyData.
:param Data cKeyData: The C-KEY data packet.
:param onPlainText: When the data packet is decrypted, this calls
onPlainText(decryptedBlob) with the decrypted blob.
:type onPlainText: function object
:param onError: This calls onError(errorCode, message) for an error,
where errorCode is from EncryptError.ErrorCode and message is a str.
:type onError: function object
"""
# Get the encrypted content.
cKeyContent = cKeyData.getContent()
cKeyEncryptedContent = EncryptedContent()
try:
cKeyEncryptedContent.wireDecode(cKeyContent)
except Exception as ex:
try:
onError(EncryptError.ErrorCode.InvalidEncryptedFormat,
repr(ex))
except:
logging.exception("Error in onError")
return
eKeyName = cKeyEncryptedContent.getKeyLocator().getKeyName()
dKeyName = eKeyName.getPrefix(-3)
dKeyName.append(Encryptor.NAME_COMPONENT_D_KEY).append(
eKeyName.getSubName(-2))
# Check if the decryption key is already in the store.
if dKeyName in self._dKeyMap:
dKey = self._dKeyMap[dKeyName]
Consumer._decrypt(cKeyEncryptedContent, dKey, onPlainText, onError)
else:
# Get the D-Key Data.
interestName = Name(dKeyName)
interestName.append(Encryptor.NAME_COMPONENT_FOR).append(
self._consumerName)
interest = Interest(interestName)
def onVerified(validDKeyData):
def localOnPlainText(dKeyBits):
# dKeyName is already a local copy.
self._dKeyMap[dKeyName] = dKeyBits
Consumer._decrypt(cKeyEncryptedContent, dKeyBits,
onPlainText, onError)
self._decryptDKey(validDKeyData, localOnPlainText, onError)
self._sendInterest(interest, 1, self._dKeyLink, onVerified,
onError)
def _decryptCKey(self, cKeyData, onPlainText, onError):
"""
Decrypt cKeyData.
:param Data cKeyData: The C-KEY data packet.
:param onPlainText: When the data packet is decrypted, this calls
onPlainText(decryptedBlob) with the decrypted blob.
:type onPlainText: function object
:param onError: This calls onError(errorCode, message) for an error,
where errorCode is from EncryptError.ErrorCode and message is a str.
:type onError: function object
"""
# Get the encrypted content.
cKeyContent = cKeyData.getContent()
cKeyEncryptedContent = EncryptedContent()
try:
cKeyEncryptedContent.wireDecode(cKeyContent)
except Exception as ex:
try:
onError(EncryptError.ErrorCode.InvalidEncryptedFormat, repr(ex))
except:
logging.exception("Error in onError")
return
eKeyName = cKeyEncryptedContent.getKeyLocator().getKeyName()
dKeyName = eKeyName.getPrefix(-3)
dKeyName.append(Encryptor.NAME_COMPONENT_D_KEY).append(
eKeyName.getSubName(-2))
# Check if the decryption key is already in the store.
if dKeyName in self._dKeyMap:
dKey = self._dKeyMap[dKeyName]
Consumer._decrypt(cKeyEncryptedContent, dKey, onPlainText, onError)
else:
# Get the D-Key Data.
interestName = Name(dKeyName)
interestName.append(Encryptor.NAME_COMPONENT_FOR).append(
self._consumerName)
interest = Interest(interestName)
def onVerified(validDKeyData):
def localOnPlainText(dKeyBits):
# dKeyName is already a local copy.
self._dKeyMap[dKeyName] = dKeyBits
Consumer._decrypt(
cKeyEncryptedContent, dKeyBits, onPlainText, onError)
self._decryptDKey(validDKeyData, localOnPlainText, onError)
self._sendInterest(interest, 1, self._dKeyLink, onVerified, onError)
def _decryptContent(self, data, onPlainText, onError):
"""
Decrypt the data packet.
:param Data data: The data packet. This does not verify the packet.
:param onPlainText: When the data packet is decrypted, this calls
onPlainText(decryptedBlob) with the decrypted blob.
:type onPlainText: function object
:param onError: This calls onError(errorCode, message) for an error,
where errorCode is from EncryptError.ErrorCode and message is a str.
:type onError: function object
"""
# Get the encrypted content.
dataEncryptedContent = EncryptedContent()
try:
dataEncryptedContent.wireDecode(data.getContent())
except Exception as ex:
Consumer._callOnError(
onError, EncryptError.ErrorCode.InvalidEncryptedFormat,
repr(ex))
return
cKeyName = dataEncryptedContent.getKeyLocator().getKeyName()
# Check if the content key is already in the store.
if cKeyName in self._cKeyMap:
cKey = self._cKeyMap[cKeyName]
self._decrypt(dataEncryptedContent, cKey, onPlainText, onError)
else:
# Retrieve the C-KEY Data from the network.
interestName = Name(cKeyName)
interestName.append(Encryptor.NAME_COMPONENT_FOR).append(
self._groupName)
interest = Interest(interestName)
def onVerified(validCKeyData):
def localOnPlainText(cKeyBits):
# cKeyName is already a copy inside the local
# dataEncryptedContent.
self._cKeyMap[cKeyName] = cKeyBits
Consumer._decrypt(dataEncryptedContent, cKeyBits,
onPlainText, onError)
self._decryptCKey(validCKeyData, localOnPlainText, onError)
self._sendInterest(interest, 1, self._cKeyLink, onVerified,
onError)
def _decryptContent(self, data, onPlainText, onError):
"""
Decrypt the data packet.
:param Data data: The data packet. This does not verify the packet.
:param onPlainText: When the data packet is decrypted, this calls
onPlainText(decryptedBlob) with the decrypted blob.
:type onPlainText: function object
:param onError: This calls onError(errorCode, message) for an error,
where errorCode is from EncryptError.ErrorCode and message is a str.
:type onError: function object
"""
# Get the encrypted content.
dataEncryptedContent = EncryptedContent()
try:
dataEncryptedContent.wireDecode(data.getContent())
except Exception as ex:
Consumer._callOnError(onError,
EncryptError.ErrorCode.InvalidEncryptedFormat, repr(ex))
return
cKeyName = dataEncryptedContent.getKeyLocator().getKeyName()
# Check if the content key is already in the store.
if cKeyName in self._cKeyMap:
cKey = self._cKeyMap[cKeyName]
self._decrypt(dataEncryptedContent, cKey, onPlainText, onError)
else:
# Retrieve the C-KEY Data from the network.
interestName = Name(cKeyName)
interestName.append(Encryptor.NAME_COMPONENT_FOR).append(self._groupName)
interest = Interest(interestName)
def onVerified(validCKeyData):
def localOnPlainText(cKeyBits):
# cKeyName is already a copy inside the local
# dataEncryptedContent.
self._cKeyMap[cKeyName] = cKeyBits
Consumer._decrypt(
dataEncryptedContent, cKeyBits, onPlainText, onError)
self._decryptCKey(validCKeyData, localOnPlainText, onError)
self._sendInterest(interest, 1, self._cKeyLink, onVerified, onError)
def _decryptDKey(self, dKeyData, onPlainText, onError):
"""
Decrypt dKeyData.
:param Data dKeyData: The D-KEY data packet.
:param onPlainText: When the data packet is decrypted, this calls
onPlainText(decryptedBlob) with the decrypted blob.
:type onPlainText: function object
:param onError: This calls onError(errorCode, message) for an error,
where errorCode is from EncryptError.ErrorCode and message is a str.
:type onError: function object
"""
# Get encrypted content.
dataContent = dKeyData.getContent()
# Process the nonce.
# dataContent is a sequence of the two EncryptedContent.
encryptedNonce = EncryptedContent()
try:
encryptedNonce.wireDecode(dataContent)
except Exception as ex:
try:
onError(EncryptError.ErrorCode.InvalidEncryptedFormat,
repr(ex))
except:
logging.exception("Error in onError")
return
consumerKeyName = encryptedNonce.getKeyLocator().getKeyName()
# Get consumer decryption key.
try:
consumerKeyBlob = self._getDecryptionKey(consumerKeyName)
except Exception as ex:
Consumer._callOnError(onError, EncryptError.ErrorCode.NoDecryptKey,
"Database error: " + repr(ex))
return
if consumerKeyBlob.size() == 0:
try:
onError(
EncryptError.ErrorCode.NoDecryptKey,
"The desired consumer decryption key in not in the database"
)
except:
logging.exception("Error in onError")
return
# Process the D-KEY.
# Use the size of encryptedNonce to find the start of encryptedPayload.
encryptedPayloadBlob = Blob(
dataContent.buf()[encryptedNonce.wireEncode().size():], False)
if encryptedPayloadBlob.size() == 0:
try:
onError(
EncryptError.ErrorCode.InvalidEncryptedFormat,
"The data packet does not satisfy the D-KEY packet format")
except:
logging.exception("Error in onError")
return
# Decrypt the D-KEY.
Consumer._decrypt(
encryptedNonce,
consumerKeyBlob, lambda nonceKeyBits: Consumer._decrypt(
encryptedPayloadBlob, nonceKeyBits, onPlainText, onError),
onError)
def _decryptCKey(self, cKeyData, onPlainText, onError):
"""
Decrypt cKeyData.
:param Data cKeyData: The C-KEY data packet.
:param onPlainText: When the data packet is decrypted, this calls
onPlainText(decryptedBlob) with the decrypted blob.
:type onPlainText: function object
:param onError: This calls onError(errorCode, message) for an error,
where errorCode is from EncryptError.ErrorCode and message is a str.
:type onError: function object
"""
# Get the encrypted content.
cKeyContent = cKeyData.getContent()
cKeyEncryptedContent = EncryptedContent()
try:
cKeyEncryptedContent.wireDecode(cKeyContent)
except Exception as ex:
try:
onError(EncryptError.ErrorCode.InvalidEncryptedFormat,
repr(ex))
except:
logging.exception("Error in onError")
return
eKeyName = cKeyEncryptedContent.getKeyLocator().getKeyName()
dKeyName = eKeyName.getPrefix(-3)
dKeyName.append(Encryptor.NAME_COMPONENT_D_KEY).append(
eKeyName.getSubName(-2))
# Check if the decryption key is already in the store.
if dKeyName in self._dKeyMap:
dKey = self._dKeyMap[dKeyName]
Consumer._decrypt(cKeyEncryptedContent, dKey, onPlainText, onError)
else:
# Get the D-Key Data.
interestName = Name(dKeyName)
interestName.append(Encryptor.NAME_COMPONENT_FOR).append(
self._consumerName)
interest = Interest(interestName)
# Prepare the callback functions.
def onData(dKeyInterest, dKeyData):
# The Interest has no selectors, so assume the library correctly
# matched with the Data name before calling onData.
try:
def onVerified(validDKeyData):
def localOnPlainText(dKeyBits):
# dKeyName is already a local copy.
self._dKeyMap[dKeyName] = dKeyBits
Consumer._decrypt(cKeyEncryptedContent, dKeyBits,
onPlainText, onError)
self._decryptDKey(validDKeyData, localOnPlainText,
onError)
self._keyChain.verifyData(
dKeyData, onVerified, lambda d: Consumer._callOnError(
onError, EncryptError.ErrorCode.Validation,
"verifyData failed"))
except Exception as ex:
try:
onError(EncryptError.ErrorCode.General,
"verifyData error: " + repr(ex))
except:
logging.exception("Error in onError")
def onTimeout(dKeyInterest):
# We should re-try at least once.
try:
self._face.expressInterest(
interest, onData,
lambda contentInterest: Consumer._callOnError(
onError, EncryptError.ErrorCode.Timeout,
interest.getName().toUri()))
except Exception as ex:
try:
onError(EncryptError.ErrorCode.General,
"expressInterest error: " + repr(ex))
except:
logging.exception("Error in onError")
# Express the Interest.
try:
self._face.expressInterest(interest, onData, onTimeout)
except Exception as ex:
try:
onError(EncryptError.ErrorCode.General,
"expressInterest error: " + repr(ex))
except:
logging.exception("Error in onError")
def _decryptCKey(self, cKeyData, onPlainText, onError):
"""
Decrypt cKeyData.
:param Data cKeyData: The C-KEY data packet.
:param onPlainText: When the data packet is decrypted, this calls
onPlainText(decryptedBlob) with the decrypted blob.
:type onPlainText: function object
:param onError: This calls onError(errorCode, message) for an error,
where errorCode is from EncryptError.ErrorCode and message is a str.
:type onError: function object
"""
# Get the encrypted content.
cKeyContent = cKeyData.getContent()
cKeyEncryptedContent = EncryptedContent()
try:
cKeyEncryptedContent.wireDecode(cKeyContent)
except Exception as ex:
try:
onError(EncryptError.ErrorCode.InvalidEncryptedFormat, repr(ex))
except:
logging.exception("Error in onError")
return
eKeyName = cKeyEncryptedContent.getKeyLocator().getKeyName()
dKeyName = eKeyName.getPrefix(-3)
dKeyName.append(Encryptor.NAME_COMPONENT_D_KEY).append(
eKeyName.getSubName(-2))
# Check if the decryption key is already in the store.
if dKeyName in self._dKeyMap:
dKey = self._dKeyMap[dKeyName]
Consumer._decrypt(cKeyEncryptedContent, dKey, onPlainText, onError)
else:
# Get the D-Key Data.
interestName = Name(dKeyName)
interestName.append(Encryptor.NAME_COMPONENT_FOR).append(
self._consumerName)
interest = Interest(interestName)
# Prepare the callback functions.
def onData(dKeyInterest, dKeyData):
# The Interest has no selectors, so assume the library correctly
# matched with the Data name before calling onData.
try:
def onVerified(validDKeyData):
def localOnPlainText(dKeyBits):
# dKeyName is already a local copy.
self._dKeyMap[dKeyName] = dKeyBits
Consumer._decrypt(
cKeyEncryptedContent, dKeyBits, onPlainText, onError)
self._decryptDKey(validDKeyData, localOnPlainText, onError)
self._keyChain.verifyData(
dKeyData, onVerified,
lambda d: Consumer._callOnError(onError, EncryptError.ErrorCode.Validation,
"verifyData failed"))
except Exception as ex:
try:
onError(EncryptError.ErrorCode.General,
"verifyData error: " + repr(ex))
except:
logging.exception("Error in onError")
def onTimeout(dKeyInterest):
# We should re-try at least once.
try:
self._face.expressInterest(
interest, onData,
lambda contentInterest:
Consumer._callOnError(onError,
EncryptError.ErrorCode.Timeout, interest.getName().toUri()))
except Exception as ex:
try:
onError(EncryptError.ErrorCode.General,
"expressInterest error: " + repr(ex))
except:
logging.exception("Error in onError")
# Express the Interest.
try:
self._face.expressInterest(interest, onData, onTimeout)
except Exception as ex:
try:
onError(EncryptError.ErrorCode.General,
"expressInterest error: " + repr(ex))
except:
logging.exception("Error in onError")
