akmhoqueba094742014-02-28 11:47:21 -06001#include <ndn-cpp-dev/security/identity-certificate.hpp>
2#include <ndn-cpp-dev/encoding/block.hpp>
akmhoqueeb764c52014-03-11 16:01:09 -05003#include <ndn-cpp-dev/util/io.hpp>
4#include <stdexcept>
akmhoqueba094742014-02-28 11:47:21 -06005#include "nlsr_sm.hpp"
6#include "nlsr_km.hpp"
akmhoquefa8ee9b2014-03-14 09:06:24 -05007#include "nlsr.hpp"
akmhoqueba094742014-02-28 11:47:21 -06008
9namespace nlsr
10{
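bool
KeyManager::initKeyManager(ConfParameter &cp)
{
  // Restore (or start) the certificate sequence number first: the process
  // certificate added to the store at the end of this function carries it.
  initCertSeqFromFile(cp.getSeqFileDir());
  // The local root/site/operator/router certificates are the trust anchors;
  // without them nothing received later can be verified.
  if (!loadAllCertificates(cp.getCertDir()))
  {
    return false;
  }
  nlsrRootKeyPrefix = cp.getRootKeyPrefix();

  // Router identity: <root-key-prefix>/<site>/R.Start/<router>
  std::string processIdentityName(cp.getRootKeyPrefix());
  processIdentityName += "/";
  processIdentityName += cp.getSiteName();
  processIdentityName += "/";
  processIdentityName += "R.Start";
  processIdentityName += "/";
  processIdentityName += cp.getRouterName();
  ndn::Name ri(processIdentityName);
  std::cout << "Router Identity: " << ri.toUri() << std::endl;
  routerIdentity = ri;

  // Process identity: <router identity>/nlsr
  processIdentityName += "/";
  processIdentityName += "nlsr";
  std::cout << "Proces Identity Name: " << processIdentityName << std::endl;
  ndn::Name identityName(processIdentityName);
  processIdentity = identityName;

  // A fresh process key pair is generated on every start: the previous
  // identity is removed from the KeyChain and recreated, so the process
  // certificate (and its sequence number) changes with each run.
  ndn::KeyChain::deleteIdentity(processIdentity);
  processCertName = ndn::KeyChain::createIdentity(processIdentity);
  std::cout << "Certificate Name: " << processCertName.toUri() << std::endl;
  processKeyName = processCertName.getPrefix(-2);
  std::cout << "Key Name: " << processKeyName.toUri() << std::endl;

  ndn::shared_ptr<ndn::IdentityCertificate> cert = getCertificate(processCertName);
  if (!cert)
  {
    // Guard against an empty pointer from getCertificate(); dereferencing
    // it below would take the daemon down at startup.
    std::cerr << "Certificate not found in KeyChain: " << processCertName.toUri()
              << std::endl;
    return false;
  }
  // The process certificate is signed by the router identity, then stored
  // as already verified (it is our own).
  signByIdentity(*cert, routerIdentity);
  certStore.addCertificate(cert, certSeqNo, true);
  certStore.printCertStore();
  return true;
}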
akmhoqueba094742014-02-28 11:47:21 -060047
bool
KeyManager::loadAllCertificates(std::string certDirPath)
{
  // Resolve the certificate directory: an empty argument means
  // "<user home>/nlsrCertDir".
  std::string dirPath(certDirPath);
  if (dirPath.empty())
  {
    SequencingManager seqMgr;
    dirPath = seqMgr.getUserHomeDirectory();
    dirPath += "/nlsrCertDir";
  }
  // Load the trust chain top-down; the first certificate that fails to
  // load aborts the remaining loads and the whole call reports failure.
  if (!loadCertificate(dirPath + "/root.cert", KEY_TYPE_ROOT))
  {
    return false;
  }
  if (!loadCertificate(dirPath + "/site.cert", KEY_TYPE_SITE))
  {
    return false;
  }
  if (!loadCertificate(dirPath + "/operator.cert", KEY_TYPE_OPERATOR))
  {
    return false;
  }
  return loadCertificate(dirPath + "/router.cert", KEY_TYPE_ROUTER);
}
akmhoqueba094742014-02-28 11:47:21 -060063
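bool
KeyManager::loadCertificate(std::string inputFile, nlsrKeyType keyType)
{
  // Load one base64-encoded certificate from disk and record it in the
  // store under the slot selected by keyType. Certificates loaded this way
  // are trust anchors: they enter the store flagged as verified (third
  // argument of addCertificate), so the directory they come from has to be
  // protected from tampering by the deployment.
  //
  // Returns true when the file was decoded (even for an unknown keyType,
  // which is parsed but not stored), false on any load error.
  try
  {
    ndn::shared_ptr<ndn::IdentityCertificate> cert =
      ndn::io::load<ndn::IdentityCertificate>(inputFile, ndn::io::BASE_64);
    if (!cert)
    {
      // Cover the case where io::load reports a decode failure with an
      // empty pointer rather than an exception.
      return false;
    }
    ndn::Name certName = cert->getName();
    switch (keyType)
    {
    case KEY_TYPE_ROOT:
      // Anchors above the router level use the fixed sequence number 10.
      certStore.addCertificate(cert, 10, true);
      rootCertName = certName;
      std::cout << "Root Cert: " << rootCertName << std::endl;
      break;
    case KEY_TYPE_SITE:
      certStore.addCertificate(cert, 10, true);
      siteCertName = certName;
      std::cout << "Site Cert: " << siteCertName << std::endl;
      break;
    case KEY_TYPE_OPERATOR:
      certStore.addCertificate(cert, 10, true);
      opCertName = certName;
      std::cout << "Operator Cert: " << opCertName << std::endl;
      break;
    case KEY_TYPE_ROUTER:
      // Router and process certificates carry this node's own sequence
      // number (see initCertSeqFromFile()).
      certStore.addCertificate(cert, certSeqNo, true);
      routerCertName = certName;
      std::cout << "Router Cert: " << routerCertName << std::endl;
      break;
    case KEY_TYPE_PROCESS:
      certStore.addCertificate(cert, certSeqNo, true);
      processCertName = certName;
      std::cout << "Process Cert: " << processCertName << std::endl;
      break;
    default:
      // Unknown key type: nothing is stored but the load still counts as
      // successful (kept for compatibility with existing callers).
      break;
    }
    return true;
  }
  catch (const std::exception&)
  {
    // Missing file or undecodable content; the caller decides whether a
    // missing certificate is fatal.
    return false;
  }
}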
akmhoqueba094742014-02-28 11:47:21 -0600110
ndn::Name
KeyManager::getProcessCertName()
{
  // Name of the certificate created for this NLSR process in initKeyManager().
  ndn::Name name(processCertName);
  return name;
}
akmhoqueba094742014-02-28 11:47:21 -0600116
ndn::Name
KeyManager::getRouterCertName()
{
  // Name of the router certificate loaded from router.cert.
  ndn::Name name(routerCertName);
  return name;
}
akmhoqueba094742014-02-28 11:47:21 -0600122
ndn::Name
KeyManager::getOperatorCertName()
{
  // Name of the operator certificate loaded from operator.cert.
  ndn::Name name(opCertName);
  return name;
}
128
ndn::Name
KeyManager::getSiteCertName()
{
  // Name of the site certificate loaded from site.cert.
  ndn::Name name(siteCertName);
  return name;
}
134
ndn::Name
KeyManager::getRootCertName()
{
  // Name of the root (trust anchor) certificate loaded from root.cert.
  ndn::Name name(rootCertName);
  return name;
}
140
uint32_t
KeyManager::getCertSeqNo()
{
  // Current certificate sequence number, as restored by
  // initCertSeqFromFile() and persisted by writeCertSeqToFile().
  const uint32_t current = certSeqNo;
  return current;
}
146
void
KeyManager::setCerSeqNo(uint32_t csn)
{
  // Overwrite the in-memory sequence number only; the seq file is not
  // touched here (see writeCertSeqToFile()). The name keeps its historical
  // spelling because callers depend on it.
  const uint32_t newSeqNo = csn;
  certSeqNo = newSeqNo;
}
152
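void
KeyManager::initCertSeqFromFile(std::string certSeqFileDir)
{
  // The sequence number file lives in certSeqFileDir, or in the user's
  // home directory when no directory is configured.
  certSeqFileNameWithPath = certSeqFileDir;
  if (certSeqFileNameWithPath.empty())
  {
    SequencingManager sm;
    certSeqFileNameWithPath = sm.getUserHomeDirectory();
  }
  certSeqFileNameWithPath += "/nlsrCertSeqNo.txt";
  std::cout << "Key Seq File Name: " << certSeqFileNameWithPath << std::endl;

  // Continue from the persisted value so that the process certificate
  // created for this run carries a higher sequence number than the one
  // from the previous run. If the file is missing or does not hold a
  // parsable number the sequence restarts at 1; peers that still hold a
  // higher number for this router would then see the new certificate as
  // stale, so the file should be kept writable and intact across restarts.
  std::ifstream inputFile(certSeqFileNameWithPath.c_str(), std::ios::binary);
  uint32_t storedSeqNo = 0;
  if (inputFile.good() && (inputFile >> storedSeqNo))
  {
    certSeqNo = storedSeqNo + 1;
  }
  else
  {
    // Explicit reset: a failed extraction must not leave certSeqNo
    // holding whatever was in the member before.
    certSeqNo = 1;
  }
  writeCertSeqToFile();
}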
176
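void
KeyManager::writeCertSeqToFile()
{
  // Persist the current certificate sequence number so the next run of
  // the process continues from it (see initCertSeqFromFile()).
  std::ofstream outputFile(certSeqFileNameWithPath.c_str(), std::ios::binary);
  if (!outputFile)
  {
    // Best effort: an unwritable file is reported but not fatal. The next
    // start will then fall back to sequence number 1.
    std::cerr << "Cannot write cert seq file: " << certSeqFileNameWithPath
              << std::endl;
    return;
  }
  outputFile << certSeqNo;
  // The stream is flushed and closed by its destructor.
}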
184
bool
KeyManager::isNewCertificate(std::string certName, int checkSeqNum)
{
  // Thin wrapper: the store decides whether this (name, sequence number)
  // pair is new relative to what it already holds.
  const bool isNew = certStore.isCertificateNewInStore(certName, checkSeqNum);
  return isNew;
}
190
std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
KeyManager::getCertificateFromStore(const std::string certName, int checkSeqNum)
{
  // Look up a certificate by name and sequence number. The bool of the
  // returned pair tells whether the lookup succeeded; callers must check
  // it before dereferencing the pointer.
  std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool> result =
    certStore.getCertificateFromStore(certName, checkSeqNum);
  return result;
}
196
std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
KeyManager::getCertificateFromStore(const std::string certName)
{
  // Look up a certificate by name only (no sequence number constraint).
  // The bool of the returned pair tells whether the lookup succeeded;
  // callers must check it before dereferencing the pointer.
  std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool> result =
    certStore.getCertificateFromStore(certName);
  return result;
}
202
bool
KeyManager::addCertificate(ndn::shared_ptr<ndn::IdentityCertificate> pcert
                           , uint32_t csn, bool isv)
{
  // Insert a certificate into the store with sequence number csn. The
  // isv flag marks it as already verified; pass true only for
  // certificates whose signature chain has actually been checked (or for
  // local trust anchors), since verifyCertPacket() relies on that flag
  // when validating certificates signed by this one.
  const bool added = certStore.addCertificate(pcert, csn, isv);
  return added;
}
akmhoquefa8ee9b2014-03-14 09:06:24 -0500209
std::pair<uint32_t, bool>
KeyManager::getCertificateSeqNum(std::string certName)
{
  // Sequence number recorded in the store for certName; the bool reports
  // whether the certificate is known at all.
  std::pair<uint32_t, bool> result = certStore.getCertificateSeqNum(certName);
  return result;
}
akmhoque5a44dd42014-03-12 18:11:32 -0500215
nlsrKeyType
KeyManager::getKeyTypeFromName(const std::string keyName)
{
  // Classify a key/certificate name by the marker components it carries.
  // Root: everything before the "KEY" component equals the configured
  // root key prefix. Otherwise the presence of "O.Start" (operator),
  // "R.Start" (router) and "nlsr" (process) decides; a name carrying none
  // of them is taken to be a site key.
  // NOTE(review): the marker lookups test for the component anywhere in
  // the name rather than at a fixed position, so a name whose ordinary
  // component happens to equal a marker is classified as that type. The
  // result feeds the level comparison in verifyCertPacket().
  nlsrTokenizer tokens(keyName, "/");
  const std::string keyMarker("KEY");
  const std::string operatorMarker("O.Start");
  const std::string routerMarker("R.Start");
  const std::string processMarker("nlsr");

  const std::string prefixBeforeKey =
    tokens.getTokenString(0, tokens.getTokenPosition(keyMarker) - 1);
  if (prefixBeforeKey == nlsrRootKeyPrefix)
  {
    return KEY_TYPE_ROOT;
  }
  if (tokens.doesTokenExist(operatorMarker))
  {
    return KEY_TYPE_OPERATOR;
  }
  const bool hasRouterMarker = tokens.doesTokenExist(routerMarker);
  const bool hasProcessMarker = tokens.doesTokenExist(processMarker);
  if (hasRouterMarker && hasProcessMarker)
  {
    return KEY_TYPE_PROCESS;
  }
  if (hasRouterMarker)
  {
    // Router marker without the process marker.
    return KEY_TYPE_ROUTER;
  }
  return KEY_TYPE_SITE;
}
247
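std::string
KeyManager::getRouterName(const std::string name)
{
  // Recover the router name from the several name shapes NLSR handles.
  // All positions are token indices of `name` split on '/'. For key and
  // certificate names the leading tokens that make up the configured root
  // key prefix are dropped and replaced by the literal "/ndn".
  //
  // Shapes handled, by the markers present:
  //  - "R.Start" and "nlsr": process key name; router name is the site
  //    part before "R.Start" plus the router part between "R.Start" and
  //    "nlsr".
  //  - "R.Start" without "info"/"LSA": router key name; the router part
  //    ends before "KEY".
  //  - "info": everything before "info".
  //  - otherwise: assumed to be an LSA name; the router name sits after
  //    "LSA" and before the last four components. NOTE(review): a name
  //    with none of these markers still takes this branch, and what the
  //    tokenizer returns for an absent "LSA" token is not visible here.
  std::string routerName;
  std::string rootPrefix(nlsrRootKeyPrefix);
  nlsrTokenizer rootPrefixTokens(rootPrefix, "/");
  nlsrTokenizer tokens(name, "/");
  const std::string keyMarker("KEY");
  const std::string routerMarker("R.Start");
  const std::string processMarker("nlsr");
  const std::string infoMarker("info");
  const std::string lsaMarker("LSA");

  const bool hasRouterMarker = tokens.doesTokenExist(routerMarker);
  if (tokens.doesTokenExist(processMarker) && hasRouterMarker)
  {
    const int routerPos = tokens.getTokenPosition(routerMarker);
    routerName = "/ndn" +
                 tokens.getTokenString(rootPrefixTokens.getTokenNumber(),
                                       routerPos - 1) +
                 tokens.getTokenString(routerPos + 1,
                                       tokens.getTokenPosition(processMarker) - 1);
  }
  else if (hasRouterMarker && !tokens.doesTokenExist(infoMarker)
           && !tokens.doesTokenExist(lsaMarker))
  {
    const int routerPos = tokens.getTokenPosition(routerMarker);
    routerName = "/ndn" +
                 tokens.getTokenString(rootPrefixTokens.getTokenNumber(),
                                       routerPos - 1) +
                 tokens.getTokenString(routerPos + 1,
                                       tokens.getTokenPosition(keyMarker) - 1);
  }
  else if (tokens.doesTokenExist(infoMarker))
  {
    routerName = tokens.getTokenString(0, tokens.getTokenPosition(infoMarker) - 1);
  }
  else
  {
    routerName = tokens.getTokenString(tokens.getTokenPosition(lsaMarker) + 1,
                                       tokens.getTokenNumber() - 4);
  }
  return routerName;
}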
292
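std::string
KeyManager::getSiteName(const std::string name)
{
  // Recover the site name from a key or certificate name: drop the leading
  // tokens that make up the configured root key prefix, replace them by
  // the literal "/ndn", and keep the components up to (excluding) the
  // first marker that follows the site part -- "R.Start" for router and
  // process names, "O.Start" for operator names, "KEY" for site names.
  // The result is compared between a packet and its signer in
  // verifyCertPacket(), so both sides must be derived the same way.
  std::string siteName;
  std::string rootPrefix(nlsrRootKeyPrefix);
  nlsrTokenizer rootPrefixTokens(rootPrefix, "/");
  nlsrTokenizer tokens(name, "/");
  const std::string keyMarker("KEY");
  const std::string operatorMarker("O.Start");
  const std::string routerMarker("R.Start");

  const int siteStart = rootPrefixTokens.getTokenNumber();
  if (tokens.doesTokenExist(routerMarker))
  {
    siteName = "/ndn" + tokens.getTokenString(siteStart,
                                              tokens.getTokenPosition(routerMarker) - 1);
  }
  else if (tokens.doesTokenExist(operatorMarker))
  {
    siteName = "/ndn" + tokens.getTokenString(siteStart,
                                              tokens.getTokenPosition(operatorMarker) - 1);
  }
  else
  {
    siteName = "/ndn" + tokens.getTokenString(siteStart,
                                              tokens.getTokenPosition(keyMarker) - 1);
  }
  return siteName;
}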
akmhoquefa8ee9b2014-03-14 09:06:24 -0500321
std::string
KeyManager::getRootName(const std::string name)
{
  // The root name is the leading run of `name` with as many components as
  // the configured root key prefix has; verifyCertPacket() compares it
  // with nlsrRootKeyPrefix (root) or between packet and signer (site).
  nlsrTokenizer tokens(name, "/");
  std::string rootPrefix(nlsrRootKeyPrefix);
  nlsrTokenizer rootPrefixTokens(rootPrefix, "/");
  const int lastRootToken = rootPrefixTokens.getTokenNumber() - 1;
  std::string rootName(tokens.getTokenString(0, lastRootToken));
  return rootName;
}
332
333
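bool
KeyManager::verifyCertPacket(Nlsr& pnlsr, ndn::IdentityCertificate& packet)
{
  // Validate a certificate received from the network against the local
  // store. The check is hierarchical: a certificate may only be signed by
  // a certificate of a higher level (the numeric order of nlsrKeyType:
  // root, site, operator, router, process), except that the root
  // certificate is self-signed. The signer must be in the store, the
  // packet's signature must verify with the signer's public key, and for
  // every level below root the signer must itself be marked verified and
  // belong to the same root/site/router as the packet.
  //
  // Returns false on any failure, including "signer not yet known" (in
  // which case an Interest for the signer certificate is sent).
  std::cout << "KeyManager::verifyCertPacket Called" << std::endl;

  std::string signingCertName;
  std::string packetName;
  try
  {
    // Signature type and KeyLocator come straight from the unverified
    // packet. The SignatureSha256WithRsa and KeyLocator accessors can throw
    // when the packet does not carry the expected signature type or a
    // name-type KeyLocator; without this handler such a packet would
    // propagate an exception out of the verifier instead of being rejected.
    ndn::SignatureSha256WithRsa signature(packet.getSignature());
    signingCertName = signature.getKeyLocator().getName().toUri();
    packetName = packet.getName().toUri();
  }
  catch (const std::exception& e)
  {
    std::cout << "Malformed certificate signature: " << e.what() << std::endl;
    return false;
  }

  std::cout << "Packet Name: " << packetName << std::endl;
  std::cout << "Signee Name: " << signingCertName << std::endl;

  const int packetCertType = getKeyTypeFromName(packetName);
  const int signingCertType = getKeyTypeFromName(signingCertName);

  // A lower-level certificate can not sign an upper-level one.
  if (signingCertType > packetCertType)
  {
    return false;
  }
  // Only the root may sign a certificate of its own level (self-signed).
  if ((signingCertType == packetCertType) && (packetCertType != KEY_TYPE_ROOT))
  {
    return false;
  }

  std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool> signee =
    certStore.getCertificateFromStore(signingCertName);
  if (!signee.second)
  {
    // Signer unknown: reject for now and ask the network for the signer
    // certificate. The requested name is taken from the packet, so every
    // distinct unknown signer name seen here costs one fetch.
    std::cout << "Certificate Not Found in store. Sending Interest" << std::endl;
    pnlsr.getIm().expressInterest(pnlsr, signingCertName, 3,
                                  pnlsr.getConfParameter().getInterestResendTime());
    return false;
  }

  // Cheap name-scope checks run before the signature verification; the
  // verified flag of the signer closes the chain back to a trust anchor.
  switch (packetCertType)
  {
  case KEY_TYPE_ROOT:
    return (getRootName(packetName) == nlsrRootKeyPrefix) &&
           verifySignature(packet, signee.first->getPublicKeyInfo());
  case KEY_TYPE_SITE:
    return (getRootName(packetName) == getRootName(signingCertName)) &&
           verifySignature(packet, signee.first->getPublicKeyInfo()) &&
           certStore.getCertificateIsVerified(signingCertName);
  case KEY_TYPE_OPERATOR:
  case KEY_TYPE_ROUTER:
    return (getSiteName(packetName) == getSiteName(signingCertName)) &&
           verifySignature(packet, signee.first->getPublicKeyInfo()) &&
           certStore.getCertificateIsVerified(signingCertName);
  case KEY_TYPE_PROCESS:
    return (getRouterName(packetName) == getRouterName(signingCertName)) &&
           verifySignature(packet, signee.first->getPublicKeyInfo()) &&
           certStore.getCertificateIsVerified(signingCertName);
  default:
    // Unclassifiable packet name: never accept.
    return false;
  }
}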
akmhoqueba094742014-02-28 11:47:21 -0600400}