Gitiles
Code Review Sign In
gerrit.named-data.net / ChronoShare / 9dd9adc1e0c640ea4022a7eb6bd0a8e8bf05154e / . / ccnx / ccnx-verifier.cpp
blob: cee45a92fdb0d246db9f846179111e92c7da037e [file] [log] [blame]
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]1/* -*- Mode: C++; c-file-style: "gnu"; indent-tabs-mode:nil -*- */
2/*
3 * Copyright (c) 2013 University of California, Los Angeles
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation;
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 *
18 * Author: Zhenkai Zhu <zhenkai@cs.ucla.edu>
19 * Alexander Afanasyev <alexander.afanasyev@ucla.edu>
20 */
21
22#include "ccnx-verifier.h"
23
24namespace Ccnx {
25
26static const size_t ROOT_KEY_DIGEST_LEN = 32; // SHA-256
27static const unsigned char ROOT_KEY_DIGEST[ROOT_KEY_DIGEST_LEN] = {0xa7, 0xd9, 0x8b, 0x81, 0xde, 0x13, 0xfc,
280x56, 0xc5, 0xa6, 0x92, 0xb4, 0x44, 0x93, 0x6e, 0x56, 0x70, 0x9d, 0x52, 0x6f, 0x70,
290xed, 0x39, 0xef, 0xb5, 0xe2, 0x3, 0x29, 0xa5, 0x53, 0x3e, 0x68};
30
31Verifier::Verifier(CcnxWrapper *ccnx)
32 : m_ccnx(ccnx)
33 , m_rootKeyDigest(ROOT_KEY_DIGEST, ROOT_KEY_DIGEST_LEN)
34{
35}
36
37Verifier::~Verifier()
38{
39}
40
41bool
42Verifier::verify(const PcoPtr &pco)
43{
44 if (pco->integrityChecked())
45 {
46 return false;
47 }
48
49 HashPtr publisherPublicKeyDigest = pco->publisherPublicKeyDigest();
Zhenkai Zhu9dd9adc2013-03-13 16:12:09 -0700[diff] [blame^]50 CertCache::iterator it = m_certCache.find(*publisherPublicKeyDigest);
51 if (it != m_certCache.end())
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]52 {
Zhenkai Zhu9dd9adc2013-03-13 16:12:09 -0700[diff] [blame^]53 CertPtr cert = it->second;
54 if (cert->validity() == Cert::WITHIN_VALID_TIME_SPAN)
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]55 {
56 // integrity checked, and the key is trustworthy
57 pco->setVerified(true);
58 return true;
59 }
60 else
61 {
Zhenkai Zhu9dd9adc2013-03-13 16:12:09 -0700[diff] [blame^]62 // delete the invalid cert cache
63 m_certCache.erase(it);
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]64 }
65 }
66
67 // keyName is the name specified in key locator, i.e. without version and segment
68 Name keyName = pco->keyName();
69 int keyNameSize = keyName.size();
70
Zhenkai Zhu9dd9adc2013-03-13 16:12:09 -0700[diff] [blame^]71 if (keyNameSize == 0)
72 {
73 return false;
74 }
75
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]76 // for keys, we have to make sure key name is strictly prefix of the content name
77 if (pco->type() == ParsedContentObject::KEY)
78 {
79 Name contentName = pco->name();
80 if (keyNameSize >= contentName.size() || contentName.getPartialName(0, keyNameSize) != keyName)
81 {
82 return false;
83 }
84 }
85 else
86 {
87 // for now, user can assign any data using his key
88 }
89
90 Name metaName = keyName.getPartialName(0, keyNameSize - 1) + Name("/info") + keyName.getPartialName(keyNameSize - 1);
91
92 Selectors selectors;
93
94 selectors.childSelector(Selectors::RIGHT)
95 .interestLifetime(1.0);
96
97 PcoPtr keyObject = m_ccnx->get(keyName, selectors);
98 PcoPtr metaObject = m_ccnx->get(metaName, selectors);
99 if (!keyObject || !metaObject || !keyObject->integrityChecked() || !metaObject->integrityChecked())
100 {
101 return false;
102 }
103
104 HashPtr publisherKeyHashInKeyObject = keyObject->publisherPublicKeyDigest();
105 HashPtr publisherKeyHashInMetaObject = metaObject->publisherPublicKeyDigest();
106
107 // make sure key and meta are signed using the same key
108 if (publisherKeyHashInKeyObject->IsZero() || ! (*publisherKeyHashInKeyObject == *publisherKeyHashInMetaObject))
109 {
110 return false;
111 }
112
Zhenkai Zhu9dd9adc2013-03-13 16:12:09 -0700[diff] [blame^]113 CertPtr cert = boost::make_shared<Cert>(keyObject, metaObject);
114 if (cert->validity() != Cert::WITHIN_VALID_TIME_SPAN)
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]115 {
116 return false;
117 }
118
119 // check pco is actually signed by this key (maybe redundant)
Zhenkai Zhu9dd9adc2013-03-13 16:12:09 -0700[diff] [blame^]120 if (! (*pco->publisherPublicKeyDigest() == cert->keyDigest()))
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]121 {
122 return false;
123 }
124
Zhenkai Zhu9dd9adc2013-03-13 16:12:09 -0700[diff] [blame^]125 // now we only need to make sure the key is trustworthy
126 if (cert->keyDigest() == m_rootKeyDigest)
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]127 {
128 // the key is the root key
129 // do nothing now
130 }
131 else
132 {
133 // can not verify key
134 if (!verify(keyObject))
135 {
136 return false;
137 }
138 }
139
140 // ok, keyObject verified, because metaObject is signed by the same parent key and integrity checked
141 // so metaObject is also verified
Zhenkai Zhu9dd9adc2013-03-13 16:12:09 -0700[diff] [blame^]142 m_certCache.insert(std::make_pair(cert->keyDigest(), cert));
Zhenkai Zhudd1f14d2013-03-13 12:04:28 -0700[diff] [blame]143
144 pco->setVerified(true);
145 return true;
146}
147
148} // Ccnx