Gitiles
Code Review Sign In
gerrit.named-data.net / name-based-access-control / ff3ee9f2af0303028b6f5a840f1e5641b3982ac1 / . / src / decryptor.hpp
blob: d2d6406ddc5df5ba0723c1a226aba52e2437cbba [file] [log] [blame]
Alexander Afanasyevff3ee9f2018-06-13 20:33:30 -0400[diff] [blame^]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2014-2018, Regents of the University of California
4 *
5 * NAC library is free software: you can redistribute it and/or modify it under the
6 * terms of the GNU Lesser General Public License as published by the Free Software
7 * Foundation, either version 3 of the License, or (at your option) any later version.
8 *
9 * NAC library is distributed in the hope that it will be useful, but WITHOUT ANY
10 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
11 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
12 *
13 * You should have received copies of the GNU General Public License and GNU Lesser
14 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
15 * <http://www.gnu.org/licenses/>.
16 *
17 * See AUTHORS.md for complete list of NAC library authors and contributors.
18 */
19
20#ifndef NDN_NAC_DECRYPTOR_HPP
21#define NDN_NAC_DECRYPTOR_HPP
22
23#include "common.hpp"
24#include "encrypted-content.hpp"
25
26#include <ndn-cxx/face.hpp>
27
28namespace ndn {
29namespace nac {
30
31/**
32 * @brief NAC Decryptor
33 *
34 * Encryptor decrypts (asynchronous operation, contingent on successful retrieval of CK data,
35 * KDK, and decryption of both) the supplied ``EncryptedContent`` element.
36 */
37class Decryptor
38{
39public:
40 using DecryptSuccessCallback = std::function<void(ConstBufferPtr)>;
41
42private:
43 struct ContentKey
44 {
45 bool isRetrieved = false;
46 Buffer bits;
47 const PendingInterestId* pendingInterest = nullptr;
48
49 struct PendingDecrypt
50 {
51 EncryptedContent encryptedContent;
52 DecryptSuccessCallback onSuccess;
53 ErrorCallback onFailure;
54 };
55 std::list<PendingDecrypt> pendingDecrypts;
56 };
57
58 using ContentKeys = std::map<Name, ContentKey>;
59
60public:
61 /**
62 * @brief Constructor
63 * @param credentialsKey Credentials key to be used to retrieve and decrypt KDK
64 * @param validator Validation policy to ensure validity of KDK and CK
65 * @param keyChain KeyChain
66 * @param face Face that will be used to fetch CK and KDK
67 */
68 Decryptor(const Key& credentialsKey, Validator& validator, KeyChain& keyChain, Face& face);
69
70 ~Decryptor();
71
72 /**
73 * @brief Asynchronously decrypt @p encryptedContent
74 */
75 void
76 decrypt(const Block& encryptedContent, const DecryptSuccessCallback& onSuccess, const ErrorCallback& onFailure);
77
78private:
79 void
80 fetchCk(ContentKeys::iterator ck, const ErrorCallback& onFailure, size_t nTriesLeft);
81
82 void
83 fetchKdk(ContentKeys::iterator ck, const Name& kdkPrefix, const Data& ckData,
84 const ErrorCallback& onFailure, size_t nTriesLeft);
85
86 bool
87 decryptAndImportKdk(const Data& kdkData, const ErrorCallback& onFailure);
88
89 void
90 decryptCkAndProcessPendingDecrypts(ContentKeys::iterator ck, const Data& ckData,
91 const Name& kdkKeyName/* local keyChain name for KDK key*/,
92 const ErrorCallback& onFailure);
93
94 /**
95 * @brief Synchronously decrypt (assume CK exists)
96 */
97 void
98 doDecrypt(const EncryptedContent& encryptedContent, const Buffer& ckBits,
99 const DecryptSuccessCallback& onSuccess,
100 const ErrorCallback& onFailure);
101
102private:
103 Key m_credentialsKey;
104 // Validator& m_validator;
105 Face& m_face;
106 KeyChain& m_keyChain; // external keychain with access credentials
107 KeyChain m_internalKeyChain; // internal in-memory keychain for temporarily storing KDKs
108
109 // a set of Content Keys
110 // @TODO add some expiration, so they are not stored forever
111 ContentKeys m_cks;
112};
113
114} // namespace nac
115} // namespace ndn
116
117#endif // NDN_NAC_DECRYPTOR_HPP