Merge pull request #3

flic-07

Author: mmosko

README.md

@@ -11,55 +11,137 @@
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
+import argparse
 import getpass
+import logging
+import uuid
 from typing import Optional
 
 from ccnpy.crypto.AeadKey import AeadKey, AeadGcm, AeadCcm
+from ccnpy.crypto.HpkeKdfIdentifiers import HpkeKdfIdentifiers
 from ccnpy.crypto.InsecureKeystore import InsecureKeystore
 from ccnpy.crypto.RsaKey import RsaKey
 from ccnpy.crypto.RsaSha256 import RsaSha256Signer, RsaSha256Verifier
+from ccnpy.flic.RsaOaepCtx.RsaOaepEncryptor import RsaOaepEncryptor
 from ccnpy.flic.aeadctx.AeadDecryptor import AeadDecryptor
 from ccnpy.flic.aeadctx.AeadEncryptor import AeadEncryptor
+from ccnpy.flic.aeadctx.AeadParameters import AeadParameters
+from ccnpy.flic.tlvs.KdfAlg import KdfAlg
+from ccnpy.flic.tlvs.KdfData import KdfData
+from ccnpy.flic.tlvs.KdfInfo import KdfInfo
+from ccnpy.flic.tlvs.KeyNumber import KeyNumber
 
 
+logger = logging.getLogger(__name__)
+
+
+def _str_to_array(value: str):
+    """
+    Accept a string in the forms "0xabcd..." or "abcd..." (both in hex) and output
+    an array['B', ...]
+    """
+    if value.startswith('0x'):
+        offset=2
+    else:
+        offset=0
+
+    return bytes.fromhex(value[offset:])
+
 def add_encryption_cli_args(parser):
 
     parser.add_argument('-k', dest="key_file", default=None,
                         help="RSA key in PEM format to sign the root manifest")
     parser.add_argument('-p', dest="key_pass", default=None,
                         help="RSA key password (otherwise will prompt)")
 
-    parser.add_argument('--enc-key', dest="enc_key", default=None, help="AES encryption key (hex string)")
-    parser.add_argument("--aes-mode", dest="aes_mode", default='GCM', choices=['GCM', 'CCM'], help="Encryption algorithm, default GCM")
-    parser.add_argument('--key-num', dest="key_num", type=int, default=None,
+    parser.add_argument('--wrap-key', dest="wrap_key", default=None, help="Wrapping key for RSA-OAEP mode.")
+    parser.add_argument('--wrap-pass', dest="wrap_pass", default=None, help="Wrapping key key password (otherwise will prompt).")
+
+    parser.add_argument('--enc-key', dest="enc_key",
+                        type=_str_to_array,
+                        default=None, help="AES encryption key (hex string)")
+    parser.add_argument("--aes-mode", dest="aes_mode", default='GCM',
+                        type=lambda x: x.upper(),
+                        choices=['GCM', 'CCM'], help="Encryption algorithm, default GCM")
+    parser.add_argument('--key-num', dest="key_num", type=KeyNumber, default=None,
                         help="Key number of pre-shared key (defaults to key hash)")
     parser.add_argument('--salt', dest="salt", type=lambda x: int(x,0), default=None,
                         help="Upto a 4-byte salt to include in the IV with the nonce.")
 
+    parser.add_argument('--kdf', dest="kdf_alg", type=lambda x: HpkeKdfIdentifiers.parse(x),
+                        choices=[HpkeKdfIdentifiers.HKDF_SHA256, HpkeKdfIdentifiers.HKDF_SHA384, HpkeKdfIdentifiers.HKDF_SHA512],
+                        default=None,
+                        help="Use a KDF")
+    parser.add_argument('--kdf-info', dest="kdf_info", type=lambda x: KdfInfo(x),
+                        default=None,
+                        help="KDF INFO string (ascii or 0x hex string)")
+    parser.add_argument('--kdf-uuid', dest="kdf_uuid", default=False, action=argparse.BooleanOptionalAction,
+                        help="Use a Type 1 UUID for the KdfInfo (overrides --kdf-info)")
+    parser.add_argument('--kdf-salt', dest="kdf_salt", type=lambda x: int(x,0), default=None,
+                        help="Upto a 4-byte salt to include in the KDF function (do not use with RSA-OAEP).")
+
+
 def aes_key_from_cli_args(args) -> Optional[AeadKey]:
     if args.enc_key is None:
         return None
 
-    key_bytes = bytearray.fromhex(args.enc_key)
     if args.aes_mode == 'GCM':
-        return AeadGcm(key=key_bytes)
+        return AeadGcm(key=args.enc_key)
     elif args.aes_mode == 'CCM':
-        return AeadCcm(key=key_bytes)
+        return AeadCcm(key=args.enc_key)
     else:
         raise ValueError(f'aes_mode must be GCM or CCM, got {args.aes_mode}.')
 
-def aead_encryptor_from_cli_args(args):
+def kdf_data_from_cli(args) -> Optional[KdfData]:
+    if args.kdf_uuid:
+        args.kdf_info = KdfInfo(uuid.uuid1())
+
+    if args.kdf_alg is not None:
+        return KdfData(KdfAlg(args.kdf_alg), args.kdf_info)
+    else:
+        return None
+
+def aead_parameters_from_cli(args):
+    key = aes_key_from_cli_args(args)
+    params = AeadParameters(
+        key=key,
+        key_number=args.key_num,
+        aead_salt=args.salt,
+        kdf_data=kdf_data_from_cli(args),
+        kdf_salt=args.kdf_salt)
+
+    logger.debug(params)
+
+    return params
+
+def aead_encryptor_from_cli_args(args) -> Optional[AeadEncryptor]:
     if args.enc_key is not None:
-        key = aes_key_from_cli_args(args)
-        return AeadEncryptor(key=key, key_number=args.key_num, salt=args.salt)
+        return AeadEncryptor(aead_parameters_from_cli(args))
     return None
 
-def aead_decryptor_from_cli_args(args):
+def aead_decryptor_from_cli_args(args) -> Optional[AeadDecryptor]:
     if args.enc_key is not None:
-        key = aes_key_from_cli_args(args)
-        return AeadDecryptor(key=key, key_number=args.key_num, salt=args.salt)
+        return AeadDecryptor(aead_parameters_from_cli(args))
     return None
 
+def rsa_oaep_encryptor_from_cli_args(args):
+    if args.wrap_key is None:
+        raise ValueError("You must specify a wrapping key for RSA-OAEP mode.")
+
+    wrapping_key = RsaKey.load_pem_key(args.wrap_key, args.wrap_pass)
+    if args.enc_key is None:
+        encryptor = RsaOaepEncryptor.create_with_new_content_key(wrapping_key=wrapping_key, kdf_data=kdf_data_from_cli(args))
+    else:
+        encryptor = RsaOaepEncryptor(wrapping_key=wrapping_key, params=aead_parameters_from_cli(args))
+    logger.debug(encryptor)
+    return encryptor
+
+def encryptor_from_cli_args(args):
+    if args.wrap_key is None:
+        return aead_encryptor_from_cli_args(args)
+    else:
+        return rsa_oaep_encryptor_from_cli_args(args)
+
 def rsa_signer_from_cli_args(args):
     if args.key_file is not None:
         signing_key = RsaKey.load_pem_key(args.key_file, args.key_pass)
@@ -75,20 +157,26 @@ def rsa_verifier_from_cli_args(args):
 def fixup_key_password(args, ask_for_pass: bool = True):
     if args.key_pass is None:
         if ask_for_pass:
-            args.key_pass = getpass.getpass(prompt="Private key password")
-        else:
-            return
+            args.key_pass = getpass.getpass(prompt="Signing private key password")
+            if len(args.key_pass) == 0:
+                args.key_pass = None
 
-    if len(args.key_pass) == 0:
-        args.key_pass = None
+    if args.wrap_key is not None and args.wrap_pass is None:
+        if ask_for_pass:
+            args.wrap_pass = getpass.getpass(prompt="Wrapping key password")
+            if len(args.wrap_pass) == 0:
+                args.wrap_pass = None
 
 def create_keystore(args):
     keystore = InsecureKeystore()
-    aes_key = aes_key_from_cli_args(args)
-    if aes_key is not None:
-        keystore.add_aes_key(args.key_num, aes_key, args.salt)
+    aead_params = aead_parameters_from_cli(args)
+    if aead_params.key is not None:
+        keystore.add_aes_key(aead_params)
 
     if args.key_file is not None:
         keystore.add_rsa_key(name='default', key=RsaKey.load_pem_key(args.key_file, args.key_pass))
 
+    if args.wrap_key is not None:
+        keystore.add_rsa_key(name='wrap', key=RsaKey.load_pem_key(args.wrap_key, args.wrap_pass))
+
     return keystore

ccnpy/apps/cli_utils.py

@@ -13,6 +13,7 @@
 #  limitations under the License.
 
 import argparse
+import logging
 import sys
 from abc import ABC, abstractmethod
 
@@ -72,7 +73,6 @@ def __init__(self, args, keystore: InsecureKeystore):
         self._root_hash = args.hash_restriction
         self._dir = args.in_dir
         self._keystore = keystore
-        self._decryptors = {}
         self._reader = TreeIO.PacketDirectoryReader(self._dir)
         self._writer = self._create_writer(args)
         self.debug = False
@@ -102,8 +102,7 @@ def read(self):
         with self._writer:
             traverser = Traversal(packet_input=self._reader,
                                   data_writer=self._writer,
-                                  keystore=self._keystore,
-                                  debug=self.debug)
+                                  keystore=self._keystore)
             # this will walk the manifest tree and write the app data to `data_writer`.
             traverser.traverse(root_name=self._root_name, hash_restriction=self._root_hash)
 
@@ -113,6 +112,11 @@ def read(self):
 
 
 def run():
+    logging.basicConfig(level=logging.INFO)
+    logging.getLogger('ccnpy.flic.tree.Traversal').setLevel(logging.DEBUG)
+    logging.getLogger('ccnpy.flic.RsaOaepCtx.RsaOaepImpl').setLevel(logging.DEBUG)
+    logging.getLogger('ccnpy.crypto.InsecureKeystore').setLevel(logging.DEBUG)
+
     parser = argparse.ArgumentParser()
 
     parser.add_argument('--name', dest="name", default=None, help='CCNx URI for root manifest', required=True)

ccnpy/apps/manifest_reader.py

@@ -14,6 +14,7 @@
 
 
 import argparse
+import logging
 from datetime import datetime
 
 from ccnpy.core.ExpiryTime import ExpiryTime
@@ -24,8 +25,7 @@
 from ccnpy.flic.name_constructor.SchemaType import SchemaType
 from ccnpy.flic.tlvs.Locators import Locators
 from ccnpy.flic.tree.TreeIO import TreeIO
-from .cli_utils import add_encryption_cli_args, rsa_signer_from_cli_args, aead_encryptor_from_cli_args, \
-    fixup_key_password
+from .cli_utils import add_encryption_cli_args, rsa_signer_from_cli_args, fixup_key_password, encryptor_from_cli_args
 
 
 class ManifestWriter:
@@ -59,7 +59,7 @@ def _create_tree_options(self, args):
                                            manifest_expiry_time=self._parse_time(args.node_expiry),
                                            data_expiry_time=self._parse_time(args.data_expiry),
 
-                                           manifest_encryptor=aead_encryptor_from_cli_args(args),
+                                           manifest_encryptor=encryptor_from_cli_args(args),
 
                                            add_node_subtree_size=True,
 
@@ -107,6 +107,9 @@ def _create_manifest_tree(self) -> Packet:
 
 
 def run():
+    logging.basicConfig(level=logging.INFO)
+    # logging.getLogger('ccnpy.apps.cli_utils').setLevel(logging.DEBUG)
+
     max_size = 1500
 
     parser = argparse.ArgumentParser()

ccnpy/apps/manifest_writer.py

@@ -13,6 +13,7 @@
 #  limitations under the License.
 
 import argparse
+import logging
 from pathlib import PurePath
 
 from ccnpy.apps.packet_utils import validate_packet, decrypt_manifest
@@ -68,6 +69,10 @@ def read(self):
 
 
 def run():
+    logging.basicConfig(level=logging.INFO)
+    # logging.getLogger('ccnpy.crypto.InsecureKeystore').setLevel(logging.DEBUG)
+    logging.getLogger('ccnpy.apps.cli_utils').setLevel(logging.DEBUG)
+
     parser = argparse.ArgumentParser()
     parser.add_argument('-i', dest="in_dir", default='.', help="input directory (default=%r)" % '.')
 

ccnpy/apps/packet_reader.py

@@ -14,11 +14,13 @@
 from ccnpy.core.ValidationAlg import ValidationAlg_Crc32c, ValidationAlg_RsaSha256
 from ccnpy.crypto.Crc32c import Crc32cVerifier
 from ccnpy.crypto.DecryptionError import DecryptionError
-from ccnpy.crypto.InsecureKeystore import InsecureKeystore
+from ccnpy.crypto.InsecureKeystore import InsecureKeystore, KeyIdNotFoundError, KeyNumberNotFoundError
 from ccnpy.crypto.RsaSha256 import RsaSha256Verifier
+from ccnpy.flic.RsaOaepCtx.RsaOaepDecryptor import RsaOaepDecryptor
 from ccnpy.flic.aeadctx.AeadDecryptor import AeadDecryptor
 from ccnpy.flic.tlvs.AeadCtx import AeadCtx
 from ccnpy.flic.tlvs.Manifest import Manifest
+from ccnpy.flic.tlvs.RsaOaepCtx import RsaOaepCtx
 
 __static_crc32c_verifier = Crc32cVerifier()
 
@@ -34,11 +36,8 @@ def validate_packet(keystore: InsecureKeystore, packet):
     elif isinstance(alg, ValidationAlg_RsaSha256):
         try:
             rsa_pub_key = keystore.get_rsa(alg.keyid())
-        except KeyError:
-            raise KeyError(f'Could not find RSA key in keystore with keyid {alg.keyid()}')
-
-        if rsa_pub_key is None:
-            print(f"Packet requires RsaSha256 verifier, but no key matching keyid {alg.keyid} found.")
+        except KeyIdNotFoundError:
+            print(f'Signature not validated, could not find RSA key in keystore with keyid {alg.keyid()}')
             return
 
         # TODO: we should cache these
@@ -53,19 +52,35 @@ def validate_packet(keystore: InsecureKeystore, packet):
     print(f"Packet validation success with {verifier}")
     return
 
+
+def _get_aead_decryptor(keystore: InsecureKeystore, security_ctx: AeadCtx):
+    try:
+        params = keystore.get_aes_key(security_ctx.key_number())
+    except KeyNumberNotFoundError:
+        print(f'Manifest not decrypted, could not find AES key in keystore with {security_ctx.key_number()}')
+        return None
+
+    return AeadDecryptor(params)
+
+
+def _get_oaep_decryptor(keystore, security_ctx):
+    return RsaOaepDecryptor(keystore)
+
+
 def decrypt_manifest(keystore: InsecureKeystore, manifest: Manifest) -> Manifest:
     if not manifest.is_encrypted():
         return manifest
 
     security_ctx = manifest.security_ctx()
     if isinstance(security_ctx, AeadCtx):
-        key = keystore.get_aes_key(security_ctx.key_number())
-        salt = keystore.get_aes_salt(security_ctx.key_number())
-        decryptor = AeadDecryptor(key=key, key_number=security_ctx.key_number(), salt=salt)
-
-        try:
-            return decryptor.decrypt_manifest(manifest)
-        except DecryptionError as e:
-            print(f"Failed decryption: {e}")
+        decryptor = _get_aead_decryptor(keystore, security_ctx)
+    elif isinstance(security_ctx, RsaOaepCtx):
+        decryptor = _get_oaep_decryptor(keystore, security_ctx)
     else:
         print(f"Unsupported encryption mode: {security_ctx}")
+        return None
+
+    try:
+        return decryptor.decrypt_manifest(manifest)
+    except DecryptionError as e:
+        print(f"Failed decryption: {e}")

ccnpy/apps/packet_utils.py

@@ -21,7 +21,9 @@
 class DisplayFormatter:
     @classmethod
     def hexlify(cls, value):
-        return str(binascii.hexlify(value), 'utf-8')
+        if value is None:
+            return "None"
+        return f'0x{str(binascii.hexlify(value), 'utf-8')}'
 
     @classmethod
     def prettify(cls, value):