akmhoqueba094742014-02-28 11:47:21 -06001#ifndef NLSR_KM_HPP
2#define NLSR_KM_HPP
3
4#include <ndn-cpp-dev/face.hpp>
5#include <ndn-cpp-dev/data.hpp>
6#include <ndn-cpp-dev/security/key-chain.hpp>
7#include <ndn-cpp-dev/security/validator.hpp>
akmhoqueba094742014-02-28 11:47:21 -06008#include <ndn-cpp-dev/util/random.hpp>
9#include <ndn-cpp-dev/security/identity-certificate.hpp>
akmhoqueba094742014-02-28 11:47:21 -060010#include <list>
11#include "nlsr_conf_param.hpp"
akmhoqueeb764c52014-03-11 16:01:09 -050012#include "nlsr_cert_store.hpp"
13#include "utility/nlsr_tokenizer.hpp"
akmhoqueba094742014-02-28 11:47:21 -060014
15namespace nlsr
16{
  // Level of the NLSR key hierarchy a signing key belongs to, as classified
  // by KeyManager::getKeyTypeFromName and consumed by loadCertificate.
  // Listed from the trust anchor downwards (root, site, operator, router,
  // process); KEY_TYPE_UNKNOWN is the fallback for a name matching none of
  // them. Values are made explicit so the ordering is not accidental.
  enum nlsrKeyType
  {
    KEY_TYPE_ROOT     = 0,
    KEY_TYPE_SITE     = 1,
    KEY_TYPE_OPERATOR = 2,
    KEY_TYPE_ROUTER   = 3,
    KEY_TYPE_PROCESS  = 4,
    KEY_TYPE_UNKNOWN  = 5
  };
26
  // Kind of packet handed to KeyManager::verify: an ordinary Data packet
  // (checked by verifyDataPacket) or an identity certificate (checked by
  // verifyCertPacket). Values made explicit for clarity only.
  enum nlsrContentType
  {
    CONTENT_TYPE_DATA = 0,
    CONTENT_TYPE_CERT = 1
  };
32
  // KeyManager bundles three roles for the NLSR process:
  //   * an ndn::KeyChain used to create identities/keys and sign packets,
  //   * an ndn::Validator (whose policy hooks are intentionally empty here),
  //   * an NlsrCertificateStore (certStore) holding the certificates that
  //     verifyDataPacket checks signatures against.
  // Identity/cert names (processIdentity, processCertName, ...) are left
  // empty by the constructor; initKeyManager presumably fills them from the
  // configuration, but its body is not in this header.
  class KeyManager: public ndn::KeyChain, public ndn::Validator
  {
    typedef SecPublicInfo::Error InfoError;
    typedef SecTpm::Error TpmError;   // declared but not used in this header
  public:
    // Starts the certificate sequence number at 1 (see isNewCertificate /
    // getCertSeqNo); every Name member is default (empty) until initKeyManager.
    KeyManager()
      : certSeqNo(1)
      , certStore()
      , nlsrRootKeyPrefix()
    {
    }

    // Loads identities and certificates according to the config parameters.
    // Defined elsewhere; returns false on failure (presumably).
    bool initKeyManager(ConfParameter &cp);

    // ndn::Validator policy hook for Data. The body is empty: it neither calls
    // onValidated nor onValidationFailed and adds nothing to nextSteps, so a
    // caller that validates through the ndn::Validator interface never gets a
    // verdict. As far as this header shows, the only working verification
    // path is the public verify(T&) below.
    // NOTE(review): if the Validator interface is ever used with this class,
    // this hook must invoke one of the callbacks on every path.
    void
    checkPolicy (const ndn::Data& data,
                 int stepCount,
                 const ndn::OnDataValidated &onValidated,
                 const ndn::OnDataValidationFailed &onValidationFailed,
                 std::vector<ndn::shared_ptr<ndn::ValidationRequest> > &nextSteps)
    {}

    // ndn::Validator policy hook for Interests; same caveat as the Data
    // overload above: no callback is ever invoked.
    void
    checkPolicy (const ndn::Interest& interest,
                 int stepCount,
                 const ndn::OnInterestValidated &onValidated,
                 const ndn::OnInterestValidationFailed &onValidationFailed,
                 std::vector<ndn::shared_ptr<ndn::ValidationRequest> > &nextSteps)
    {}

    // Signs `data` with the default key of processIdentity (the identity this
    // NLSR process runs under). processIdentity must have been set first.
    void signData(ndn::Data& data)
    {
      ndn::KeyChain::signByIdentity(data,processIdentity);
    }

    // Signs any signable packet (Data, Interest, certificate) with the default
    // key of `signeeIdentity`. Thin forwarder to the KeyChain base.
    template<typename T>
    void signByIdentity(T& packet, ndn::Name signeeIdentity)
    {
      ndn::KeyChain::signByIdentity(packet,signeeIdentity);
    }

    // Fetches a certificate from the local KeyChain (TPM/public-info storage)
    // by its full certificate name. Forwarder to the KeyChain base.
    ndn::shared_ptr<ndn::IdentityCertificate>
    getCertificate(ndn::Name certificateName)
    {
      return ndn::KeyChain::getCertificate(certificateName);
    }

    // Convenience overload: the certificate of this process (processCertName).
    ndn::shared_ptr<ndn::IdentityCertificate>
    getCertificate()
    {
      return getCertificate(processCertName);
    }

    // Creates a self-signed identity via the KeyChain and returns the name
    // the base class returns for it.
    ndn::Name
    createIdentity(const ndn::Name identityName)
    {
      return ndn::KeyChain::createIdentity(identityName);
    }

    // Creates (or reuses) an identity and makes sure it has a certificate
    // signed by `signee`.
    //   identityName - identity to create; its default key is reused if one
    //                  exists, otherwise an RSA key pair is generated.
    //   signee       - identity whose default key signs the new certificate.
    //                  No check is made here that `signee` is an appropriate
    //                  issuer for identityName; the caller is trusted.
    // Returns the certificate name on success. On failure it returns
    // identityName itself, so callers cannot distinguish success from failure
    // by type - they have to compare the result against identityName.
    // NOTE(review): addIdentity is called unconditionally and the signing
    // failure path calls deleteIdentity(identityName); if the identity (and
    // its keys) already existed before this call, that failure path deletes
    // the pre-existing identity too.
    ndn::Name
    createIdentity(const ndn::Name identityName, const ndn::Name signee)
    {
      ndn::KeyChain::addIdentity(identityName);
      ndn::Name keyName;
      try
      {
        keyName = ndn::KeyChain::getDefaultKeyNameForIdentity(identityName);
      }
      catch(InfoError& e)
      {
        // No default key yet: generate one and make it the default. The
        // second argument presumably marks it as a KSK - confirm against the
        // ndn-cpp-dev signature of generateRSAKeyPairAsDefault.
        keyName = ndn::KeyChain::generateRSAKeyPairAsDefault(identityName, true);
      }
      ndn::shared_ptr<ndn::PublicKey> pubKey;
      try
      {
        pubKey = ndn::KeyChain::getPublicKey(keyName);
      }
      catch(InfoError& e)
      {
        // Public key not retrievable: give up and signal failure by returning
        // the identity name (see the return-value contract above).
        return identityName;
      }
      ndn::Name certName;
      try
      {
        certName = ndn::KeyChain::getDefaultCertificateNameForKey(keyName);
      }
      catch(InfoError& e)
      {
        // No certificate for this key yet: build one by hand.
        ndn::shared_ptr<ndn::IdentityCertificate> certificate =
          ndn::make_shared<ndn::IdentityCertificate>();
        // Certificate name: <key prefix>/KEY/<key id>/ID-CERT/<version>
        ndn::Name certificateName = keyName.getPrefix(-1);
        certificateName.append("KEY").append(
          keyName.get(-1)).append("ID-CERT").appendVersion();
        certificate->setName(certificateName);
        certificate->setNotBefore(ndn::getNow());
        // NOTE(review): "1 year" only holds if ndn::getNow() is in seconds.
        // If it returns milliseconds (as some ndn-cpp-dev versions do) this
        // validity is about 8.8 hours - confirm the unit before relying on it.
        certificate->setNotAfter(ndn::getNow() + 31536000 /* 1 year*/);
        certificate->setPublicKeyInfo(*pubKey);
        // 2.5.4.41 is the X.520 "name" attribute; the value is the key name.
        certificate->addSubjectDescription(
          ndn::CertificateSubjectDescription("2.5.4.41",
                                             keyName.toUri()));
        certificate->encode();
        try
        {
          ndn::KeyChain::signByIdentity(*certificate,signee);
        }
        catch(InfoError& e)
        {
          // Signing failed (e.g. signee has no usable key): roll back the
          // identity and report failure. A failure of the rollback itself is
          // deliberately ignored.
          try
          {
            ndn::KeyChain::deleteIdentity(identityName);
          }
          catch(InfoError& e)
          {
          }
          return identityName;
        }
        certName=certificate->getName();
      }
      return certName;
    }

    // Dumps the contents of certStore (debugging aid).
    void printCertStore()
    {
      certStore.printCertStore();
    }

  private:
    // Verifies an ordinary Data packet against the local certificate store.
    // Accepts the packet only if
    //   1. the KeyLocator names a certificate already present in certStore,
    //   2. that certificate belongs to the same router as the packet name
    //      (getRouterName on both), and
    //   3. the signature verifies under that certificate's public key.
    // Returns false (without fetching anything) when the signing certificate
    // is not in the store. Assumes a SHA256-with-RSA signature; other
    // signature types are not handled here. The packet is taken by value,
    // so every call copies it.
    bool
    verifyDataPacket(ndn::Data packet)
    {
      ndn::SignatureSha256WithRsa signature(packet.getSignature());
      std::string signingCertName=signature.getKeyLocator().getName().toUri();
      std::string packetName=packet.getName().toUri();

      std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool> signee=
        certStore.getCertificateFromStore(signingCertName);
      if( signee.second )
      {
        // Name binding check first, then the cryptographic check.
        return ( getRouterName(signingCertName)== getRouterName(packetName)
                 && verifySignature(packet, signee.first->getPublicKeyInfo()));
      }

      return false;
    }

    // NOTE(review): this accepts every certificate unconditionally - no
    // signature check, no issuer lookup, no validity-period check. Any
    // certificate presented to verify() is therefore trusted as-is, and
    // through verify(T&) below any packet whose name contains a "keys"
    // component takes this path. Until this is implemented along the lines
    // of verifyDataPacket (look up the issuer in certStore, verifySignature
    // against its key, enforce the nlsrKeyType hierarchy), certificates
    // learned from the network are not authenticated by this class.
    bool
    verifyCertPacket(ndn::IdentityCertificate packet)
    {
      return true;
    }

    // Dispatches on the content type. `signingKeyType` is accepted but not
    // used, so the key hierarchy (nlsrKeyType) is not enforced anywhere in
    // this header. Returns false for an unknown content type.
    template<typename T>
    bool
    verify(T& packet , nlsrContentType contentType,
           nlsrKeyType signingKeyType)
    {
      switch(contentType)
      {
        case CONTENT_TYPE_DATA:
          return verifyDataPacket(packet);
          break;
        case CONTENT_TYPE_CERT:
          return verifyCertPacket(packet);
          break;
      }

      return false;
    }

  public:
    // Entry point used to check a received packet. Classifies the packet by
    // its own name: if any "/"-separated component equals "keys" it is treated
    // as a certificate, otherwise as data. The key type is derived from the
    // KeyLocator name (getKeyTypeFromName).
    // NOTE(review): the classification is by mere presence of a "keys"
    // component anywhere in the name, and the certificate branch currently
    // accepts everything (see verifyCertPacket), so as written a Data packet
    // named with a "keys" component bypasses verifyDataPacket entirely.
    // The trailing `return false;` is unreachable (both branches return).
    template<typename T>
    bool
    verify(T& packet )
    {
      ndn::SignatureSha256WithRsa signature(packet.getSignature());
      std::string signingKeyName=signature.getKeyLocator().getName().toUri();
      std::string packetName=packet.getName().toUri();
      nlsrTokenizer nt(packetName,"/");
      std::string keyHandle("keys");
      if ( nt.doesTokenExist(keyHandle) )
      {
        return verify(packet, CONTENT_TYPE_CERT,
                      getKeyTypeFromName(signingKeyName));
      }
      else
      {
        return verify(packet, CONTENT_TYPE_DATA,
                      getKeyTypeFromName(signingKeyName));
      }

      return false;
    }

    // Accessors for the certificate names of each level of the hierarchy
    // (set by initKeyManager; defined elsewhere).
    ndn::Name getProcessCertName();
    ndn::Name getRouterCertName();
    ndn::Name getOperatorCertName();
    ndn::Name getSiteCertName();
    ndn::Name getRootCertName();

    // Certificate sequence number handling: the counter is persisted in a
    // file (initCertSeqFromFile / writeCertSeqToFile). Defined elsewhere.
    uint32_t getCertSeqNo();
    void setCerSeqNo(uint32_t csn);   // sic: "Cer" - name kept for callers
    void initCertSeqFromFile(string certSeqFileDir);
    void writeCertSeqToFile();
    // True if `checkSeqNum` is newer than the stored certificate's (presumably).
    bool isNewCertificate(std::string certName, int checkSeqNum);
    // Store lookups; the bool half of the pair presumably means "found", as
    // with certStore.getCertificateFromStore used in verifyDataPacket.
    std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
    getCertificateFromStore(const std::string certName, int checkSeqNum);
    std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
    getCertificateFromStore(const std::string certName);
    // Adds a certificate with sequence number `csn`; `isv` presumably flags
    // whether it has been verified - confirm against the .cpp.
    bool addCertificate(ndn::shared_ptr<ndn::IdentityCertificate> pcert
                        , uint32_t csn, bool isv);


  private:
    // Bulk/single certificate loading from disk and name parsing helpers;
    // all defined elsewhere.
    bool loadAllCertificates(std::string certDirPath);
    bool loadCertificate(std::string inputFile, nlsrKeyType keyType);
    nlsrKeyType getKeyTypeFromName(const std::string keyName);
    std::string getRouterName(const std::string name);
    std::string getSiteName(const std::string name);

  private:
    ndn::Name processIdentity;     // identity used by signData
    ndn::Name routerIdentity;
    ndn::Name processCertName;     // returned by getCertificate()
    ndn::Name routerCertName;
    ndn::Name opCertName;
    ndn::Name siteCertName;
    ndn::Name rootCertName;
    ndn::Name processKeyName;
    uint32_t certSeqNo;            // starts at 1 (constructor)
    string certSeqFileNameWithPath;
    string nlsrRootKeyPrefix;
    NlsrCertificateStore certStore;   // certificates verifyDataPacket trusts

  };
270}
271
272#endif