Gitiles
Code Review Sign In
gerrit.named-data.net / ChronoShare / 746d444c4997d8df31c0fb996c8acc832617c324 / . / ccnx / ccnx-verifier.cpp
blob: 6090274cf29374c43a5d70347e2841b88cc19eec [file] [log] [blame]
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]1/* -*- Mode: C++; c-file-style: "gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013 University of California, Los Angeles
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation;
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 *
18 * Author: Zhenkai Zhu <zhenkai@cs.ucla.edu>
19 * Alexander Afanasyev <alexander.afanasyev@ucla.edu>
20 */
21
22#include "ccnx-verifier.h"
Zhenkai Zhu746d4442013-03-13 17:06:54 -0700[diff] [blame^]23#include "ccnx-wrapper.h"
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]24
25namespace Ccnx {
26
27static const size_t ROOT_KEY_DIGEST_LEN = 32; // SHA-256
28static const unsigned char ROOT_KEY_DIGEST[ROOT_KEY_DIGEST_LEN] = {0xa7, 0xd9, 0x8b, 0x81, 0xde, 0x13, 0xfc,
290x56, 0xc5, 0xa6, 0x92, 0xb4, 0x44, 0x93, 0x6e, 0x56, 0x70, 0x9d, 0x52, 0x6f, 0x70,
300xed, 0x39, 0xef, 0xb5, 0xe2, 0x3, 0x29, 0xa5, 0x53, 0x3e, 0x68};
31
32Verifier::Verifier(CcnxWrapper *ccnx)
33 : m_ccnx(ccnx)
34 , m_rootKeyDigest(ROOT_KEY_DIGEST, ROOT_KEY_DIGEST_LEN)
35{
36}
37
38Verifier::~Verifier()
39{
40}
41
42bool
43Verifier::verify(const PcoPtr &pco)
44{
45 if (pco->integrityChecked())
46 {
47 return false;
48 }
49
50 HashPtr publisherPublicKeyDigest = pco->publisherPublicKeyDigest();
Zhenkai Zhu746d4442013-03-13 17:06:54 -0700[diff] [blame^]51
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]52 {
Zhenkai Zhu746d4442013-03-13 17:06:54 -0700[diff] [blame^]53 UniqueRecLock lock(m_cacheLock);
54 CertCache::iterator it = m_certCache.find(*publisherPublicKeyDigest);
55 if (it != m_certCache.end())
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]56 {
Zhenkai Zhu746d4442013-03-13 17:06:54 -0700[diff] [blame^]57 CertPtr cert = it->second;
58 if (cert->validity() == Cert::WITHIN_VALID_TIME_SPAN)
59 {
60 // integrity checked, and the key is trustworthy
61 pco->setVerified(true);
62 return true;
63 }
64 else
65 {
66 // delete the invalid cert cache
67 m_certCache.erase(it);
68 }
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]69 }
70 }
71
72 // keyName is the name specified in key locator, i.e. without version and segment
73 Name keyName = pco->keyName();
74 int keyNameSize = keyName.size();
75
Zhenkai Zhu9dd9adc2013-03-13 16:12:09 -0700[diff] [blame]76 if (keyNameSize == 0)
77 {
78 return false;
79 }
80
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]81 // for keys, we have to make sure key name is strictly prefix of the content name
82 if (pco->type() == ParsedContentObject::KEY)
83 {
84 Name contentName = pco->name();
85 if (keyNameSize >= contentName.size() || contentName.getPartialName(0, keyNameSize) != keyName)
86 {
87 return false;
88 }
89 }
90 else
91 {
92 // for now, user can assign any data using his key
93 }
94
95 Name metaName = keyName.getPartialName(0, keyNameSize - 1) + Name("/info") + keyName.getPartialName(keyNameSize - 1);
96
97 Selectors selectors;
98
99 selectors.childSelector(Selectors::RIGHT)
100 .interestLifetime(1.0);
101
102 PcoPtr keyObject = m_ccnx->get(keyName, selectors);
103 PcoPtr metaObject = m_ccnx->get(metaName, selectors);
104 if (!keyObject || !metaObject || !keyObject->integrityChecked() || !metaObject->integrityChecked())
105 {
106 return false;
107 }
108
109 HashPtr publisherKeyHashInKeyObject = keyObject->publisherPublicKeyDigest();
110 HashPtr publisherKeyHashInMetaObject = metaObject->publisherPublicKeyDigest();
111
112 // make sure key and meta are signed using the same key
113 if (publisherKeyHashInKeyObject->IsZero() || ! (*publisherKeyHashInKeyObject == *publisherKeyHashInMetaObject))
114 {
115 return false;
116 }
117
Zhenkai Zhu9dd9adc2013-03-13 16:12:09 -0700[diff] [blame]118 CertPtr cert = boost::make_shared<Cert>(keyObject, metaObject);
119 if (cert->validity() != Cert::WITHIN_VALID_TIME_SPAN)
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]120 {
121 return false;
122 }
123
124 // check pco is actually signed by this key (maybe redundant)
Zhenkai Zhu9dd9adc2013-03-13 16:12:09 -0700[diff] [blame]125 if (! (*pco->publisherPublicKeyDigest() == cert->keyDigest()))
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]126 {
127 return false;
128 }
129
Zhenkai Zhu9dd9adc2013-03-13 16:12:09 -0700[diff] [blame]130 // now we only need to make sure the key is trustworthy
131 if (cert->keyDigest() == m_rootKeyDigest)
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]132 {
133 // the key is the root key
134 // do nothing now
135 }
136 else
137 {
138 // can not verify key
139 if (!verify(keyObject))
140 {
141 return false;
142 }
143 }
144
145 // ok, keyObject verified, because metaObject is signed by the same parent key and integrity checked
146 // so metaObject is also verified
Zhenkai Zhu746d4442013-03-13 17:06:54 -0700[diff] [blame^]147 {
148 UniqueRecLock lock(m_cacheLock);
149 m_certCache.insert(std::make_pair(cert->keyDigest(), cert));
150 }
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]151
152 pco->setVerified(true);
153 return true;
154}
155
156} // Ccnx