@@ -16,85 +16,75 @@ namespace mysqlx{
16
16
MYSQLX_ABI_BEGIN (2 ,0 )
17
17
namespace abe {
18
18
19
- bool abe_crypto::encrypt (std::string pt, std::string policy, std::string &ct){
19
+ void abe_crypto::encrypt (std::string pt, std::string policy, std::string &ct){
20
20
21
21
oabe::InitializeOpenABE ();
22
22
oabe::OpenABECryptoContext cpabe (" CP-ABE" );
23
23
cpabe.importPublicParams (mpk);
24
24
cpabe.encrypt (policy.c_str (), pt, ct);
25
25
oabe::ShutdownOpenABE ();
26
-
27
- // std::cout<<"encrypt succefully!"<<std::endl;
28
- return true ;
29
26
}
30
27
31
- bool abe_crypto::decrypt (const std::string ct, std::string &pt){
28
+ void abe_crypto::decrypt (const std::string ct, std::string &pt){
32
29
33
30
if (!check_abe_key ()){
34
- return false ;
31
+ ABE_ERROR ( " no abe key! " ) ;
35
32
}
36
33
37
34
oabe::InitializeOpenABE ();
38
35
oabe::OpenABECryptoContext cpabe (" CP-ABE" );
39
36
cpabe.importPublicParams (mpk);
40
37
cpabe.importUserKey (user.user_id .c_str (), user.user_key );
41
38
if (!cpabe.decrypt (user.user_id .c_str (), ct, pt)){
42
- pt = " can't decrypt." ;
39
+ oabe::ShutdownOpenABE ();
40
+ ABE_ERROR (" abe: can't decrypt." );
43
41
}
44
- // std::cout << "Recovered message: " << pt << std::endl;
45
42
oabe::ShutdownOpenABE ();
46
-
47
- return true ;
48
43
}
49
44
50
45
bool abe_crypto::check_abe_key (){
51
46
if (user.user_key == " " ){
52
- ABE_ERROR (" there is no abe_key, please run:\n\t show current_abe_key;\n to get from database" );
53
47
return false ;
54
48
}
55
49
return true ;
56
50
}
57
51
58
52
59
- bool abe_crypto::init (std::string mpk_path, std::string key_path,
53
+ void abe_crypto::init (std::string mpk_path, std::string key_path,
60
54
std::string kms_cert_path, std::string db_cert_path,
61
55
std::string rsa_sk_path){
62
- if (!(import_mpk (mpk_path)
63
- && import_db_cert (db_cert_path) && import_kms_cert (kms_cert_path)
64
- && import_sk (rsa_sk_path))){
65
- return false ;
66
- }
56
+ import_mpk (mpk_path);
57
+ import_db_cert (db_cert_path);
58
+ import_kms_cert (kms_cert_path);
59
+ import_sk (rsa_sk_path);
67
60
if (!import_user_key (key_path)){ // abe_user_key可以之后获取
68
61
user.user_key = " " ;
69
62
}
70
- return true ;
71
63
}
72
64
73
- bool abe_crypto::import_mpk (std::string mpk_path){
65
+ void abe_crypto::import_mpk (std::string mpk_path){
74
66
// 读入mpk
75
67
std::ifstream ifs_mpk (mpk_path, std::ios::in);
76
68
if (!ifs_mpk){
69
+ ifs_mpk.close ();
77
70
ABE_ERROR2 (" error opening security pameter (mpk) file.\n mpk_path=" , mpk_path);
78
- return false ;
79
71
}
80
72
ifs_mpk>>mpk;
81
73
ifs_mpk.close ();
82
- return true ;
83
74
}
84
75
85
76
bool abe_crypto::import_user_key (std::string key_path){
86
77
// 读入abe_user_key
87
78
std::ifstream ifs_key (key_path, std::ios::in);
88
79
if (!ifs_key){
89
- ABE_ERROR (" there is no abe_key, please run:\n\t show current_abe_key;\n to get from database" );
90
80
return false ;
91
81
}
92
82
ifs_key>>user.user_key ;
93
83
ifs_key.close ();
94
84
return true ;
95
85
}
96
86
97
- bool abe_crypto::save_user_key (std::string key_path, std::string key_str_b64){
87
+ void abe_crypto::save_user_key (std::string key_path, std::string key_str_b64){
98
88
std::string pt;
99
89
100
90
// key_str为base64编码
@@ -107,32 +97,25 @@ bool abe_crypto::save_user_key(std::string key_path, std::string key_str_b64){
107
97
if (!rsa_decrypt (ct, pt)){
108
98
free (key_str);
109
99
ABE_ERROR (" failed to decrypt abe user key" );
110
- return false ;
111
100
}
112
101
free (key_str);
113
102
114
- if (pt == " " ){
115
- return false ;
116
- }
117
103
// 写入abe_user_key
118
104
std::ofstream ofs_key (key_path, std::ios::out);
119
105
if (!ofs_key){
120
106
ABE_ERROR2 (" error opening user key-file.\n key_path=" , key_path);
121
- return false ;
122
107
}
123
108
ofs_key << pt;
124
109
user.user_key = pt;
125
110
ofs_key.close ();
126
- return true ;
127
111
}
128
112
129
- bool abe_crypto::import_sk (std::string rsa_sk_path){
113
+ void abe_crypto::import_sk (std::string rsa_sk_path){
130
114
// 导入rsa密钥文件并读取密钥
131
115
FILE *hPriKeyFile = fopen (rsa_sk_path.c_str (), " rb" );
132
116
if (hPriKeyFile == NULL )
133
117
{
134
- // assert(false);
135
- return false ;
118
+ ABE_ERROR2 (" read file failed, file_path=" , rsa_sk_path);
136
119
}
137
120
std::string strRet;
138
121
RSA *pRSAPriKey = RSA_new ();
@@ -141,11 +124,10 @@ bool abe_crypto::import_sk(std::string rsa_sk_path){
141
124
// assert(false);
142
125
RSA_free (pRSAPriKey);
143
126
fclose (hPriKeyFile);
144
- return false ;
127
+ ABE_ERROR2 ( " read rsa prikey failed, file_path= " , rsa_sk_path) ;
145
128
}
146
129
sk = pRSAPriKey;
147
130
fclose (hPriKeyFile);
148
- return true ;
149
131
}
150
132
151
133
RSA * abe_crypto::import_pk (const std::string cert_path, std::string &err_msg){
@@ -184,28 +166,24 @@ RSA * abe_crypto::import_pk(const std::string cert_path, std::string &err_msg){
184
166
return pk;
185
167
}
186
168
187
- bool abe_crypto::import_db_cert (std::string db_cert_path){
169
+ void abe_crypto::import_db_cert (std::string db_cert_path){
188
170
std::string err_msg;
189
171
RSA *pk = import_pk (db_cert_path, err_msg);
190
172
if (pk == NULL ){
191
173
err_msg += " :" + db_cert_path;
192
- ABE_ERROR (err_msg);
193
- return false ;
174
+ ABE_ERROR (err_msg.c_str ());
194
175
}
195
176
db_pk = pk;
196
- return true ;
197
177
}
198
178
199
- bool abe_crypto::import_kms_cert (std::string kms_cert_path){
179
+ void abe_crypto::import_kms_cert (std::string kms_cert_path){
200
180
std::string err_msg;
201
181
RSA *pk = import_pk (kms_cert_path, err_msg);
202
182
if (pk == NULL ){
203
183
err_msg += " :" + kms_cert_path;
204
- ABE_ERROR (err_msg);
205
- return false ;
184
+ ABE_ERROR (err_msg.c_str ());
206
185
}
207
186
kms_pk = pk;
208
- return true ;
209
187
}
210
188
211
189
abe_crypto::~abe_crypto (){
@@ -214,43 +192,41 @@ abe_crypto::~abe_crypto(){
214
192
if (sk != NULL ) RSA_free (sk);
215
193
}
216
194
217
- bool abe_crypto::verify_sig (RSA *pk, unsigned char * msg, size_t msg_length, unsigned char * sig, size_t sig_length){
195
+ void abe_crypto::verify_sig (RSA *pk, unsigned char * msg, size_t msg_length, unsigned char * sig, size_t sig_length){
218
196
unsigned char digest[SHA512_DIGEST_LENGTH];
219
197
// 对输入进行hash
220
198
SHA512 (msg, msg_length, digest);
221
199
222
200
// 对签名进行认证
223
201
int ret = RSA_verify (NID_sha512, digest, SHA512_DIGEST_LENGTH, sig, sig_length, pk);
224
202
if (ret != 1 ){
225
- ABE_ERROR (" verify error" );
226
203
unsigned long ulErr = ERR_get_error ();
227
204
char szErrMsg[1024 ] = {0 };
228
- ABE_ERROR2 (" error number:" , ulErr);
229
205
ERR_error_string (ulErr, szErrMsg); // 格式:error:errId:库:函数:原因
230
- std::cout << szErrMsg << std::endl;
231
- return false ;
206
+ ABE_ERROR2 (" abe_key verify error: " , szErrMsg);
232
207
}
233
- return true ;
234
208
235
209
}
236
210
237
- bool abe_crypto::verify_db_sig (const std::string msg, const std::string sig_b64){
211
+ void abe_crypto::verify_db_sig (const std::string msg, const std::string sig_b64){
238
212
// sig是base64编码,需要先解码
239
213
size_t sig_b64_length = sig_b64.length ();
240
214
unsigned char * sig = (unsigned char *)malloc (base64_utils::b64_dec_len (sig_b64_length));
241
215
size_t sig_length = base64_utils::b64_decode (sig_b64.c_str (), sig_b64_length, (char *)sig);
242
216
243
- if (!verify_sig (db_pk, (unsigned char *)msg.c_str (), msg.length (), sig, sig_length)){
217
+ try {
218
+ verify_sig (db_pk, (unsigned char *)msg.c_str (), msg.length (), sig, sig_length);
244
219
free (sig);
245
- ABE_ERROR (" db_sig: verify failed" );
246
- return false ;
220
+ }catch (const ::mysqlx::abe::Error& e){
221
+ free (sig);
222
+ ABE_ERROR2 (" db_sig:" , e.what ());
223
+ }catch (...){
224
+ free (sig);
225
+ ABE_ERROR (" nknown exception" );
247
226
}
248
- ABE_LOG (" db_sig: verify success" );
249
- free (sig);
250
- return true ;
251
227
}
252
228
253
- bool abe_crypto::verify_kms_sig (const std::string msg_b64, const std::string sig_b64){
229
+ void abe_crypto::verify_kms_sig (const std::string msg_b64, const std::string sig_b64){
254
230
255
231
// msg和sig都是base64编码,需要先解码
256
232
size_t msg_b64_length = msg_b64.length ();
@@ -261,17 +237,19 @@ bool abe_crypto::verify_kms_sig(const std::string msg_b64, const std::string sig
261
237
unsigned char * sig = (unsigned char *)malloc (base64_utils::b64_dec_len (sig_b64_length));
262
238
size_t sig_length = base64_utils::b64_decode (sig_b64.c_str (), sig_b64_length, (char *)sig);
263
239
264
- if (!verify_sig (kms_pk, msg, msg_length, sig, sig_length)){
240
+ try {
241
+ verify_sig (kms_pk, msg, msg_length, sig, sig_length);
265
242
free (msg);
266
243
free (sig);
267
- ABE_ERROR (" kms_sig: verify failed" );
268
- return false ;
244
+ }catch (const ::mysqlx::abe::Error& e){
245
+ free (msg);
246
+ free (sig);
247
+ ABE_ERROR2 (" kms_sig:" , e.what ());
248
+ }catch (...){
249
+ free (msg);
250
+ free (sig);
251
+ ABE_ERROR (" nknown exception" );
269
252
}
270
-
271
- ABE_LOG (" kms_sig: verify success" );
272
- free (msg);
273
- free (sig);
274
- return true ;
275
253
}
276
254
277
255
// 注意ct初始化时必须指定长度,否则ct.length会因为0x00而截断
0 commit comments