Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /** |
| 3 | * Copyright (C) 2013 Regents of the University of California. |
| 4 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
| 5 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
| 6 | * See COPYING for copyright and distribution information. |
| 7 | */ |
| 8 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 9 | #ifndef NDN_SECURITY_VALIDATOR_HPP |
| 10 | #define NDN_SECURITY_VALIDATOR_HPP |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 11 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 12 | #include "../common.hpp" |
| 13 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 14 | #include "../data.hpp" |
| 15 | #include "../face.hpp" |
| 16 | #include "public-key.hpp" |
| 17 | #include "signature-sha256-with-rsa.hpp" |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 18 | #include "signature-sha256.hpp" |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 19 | #include "validation-request.hpp" |
| 20 | |
| 21 | namespace ndn { |
| 22 | /** |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 23 | * @brief Validator is one of the main classes of the security library. |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 24 | * |
| 25 | * The Validator class provides the interfaces for packet validation. |
| 26 | */ |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame^] | 27 | class Validator |
| 28 | { |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 29 | public: |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 30 | class Error : public std::runtime_error |
| 31 | { |
| 32 | public: |
| 33 | explicit |
| 34 | Error(const std::string& what) |
| 35 | : std::runtime_error(what) |
| 36 | { |
| 37 | } |
| 38 | }; |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 39 | |
Yingdi Yu | 96e6406 | 2014-04-15 19:57:33 -0700 | [diff] [blame] | 40 | Validator(); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 41 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 42 | explicit |
Yingdi Yu | 96e6406 | 2014-04-15 19:57:33 -0700 | [diff] [blame] | 43 | Validator(Face& face); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 44 | |
| 45 | /** |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 46 | * @brief Validate Data and call either onValidated or onValidationFailed. |
| 47 | * |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 48 | * @param data The Data with the signature to check. |
| 49 | * @param onValidated If the Data is validated, this calls onValidated(data). |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 50 | * @param onValidationFailed If validation fails, this calls onValidationFailed(data). |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 51 | */ |
| 52 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 53 | validate(const Data& data, |
| 54 | const OnDataValidated& onValidated, |
| 55 | const OnDataValidationFailed& onValidationFailed) |
| 56 | { |
| 57 | validate(data, onValidated, onValidationFailed, 0); |
| 58 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 59 | |
| 60 | /** |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 61 | * @brief Validate Interest and call either onValidated or onValidationFailed. |
| 62 | * |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 63 | * @param interest The Interest with the signature to check. |
| 64 | * @param onValidated If the Interest is validated, this calls onValidated(interest). |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 65 | * @param onValidationFailed If validation fails, this calls onValidationFailed(interest). |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 66 | */ |
| 67 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 68 | validate(const Interest& interest, |
| 69 | const OnInterestValidated& onValidated, |
| 70 | const OnInterestValidationFailed& onValidationFailed) |
| 71 | { |
| 72 | validate(interest, onValidated, onValidationFailed, 0); |
| 73 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 74 | |
| 75 | /***************************************** |
| 76 | * verifySignature method set * |
| 77 | *****************************************/ |
| 78 | |
| 79 | /// @brief Verify the data using the publicKey. |
| 80 | static bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 81 | verifySignature(const Data& data, const PublicKey& publicKey); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 82 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 83 | /** |
| 84 | * @brief Verify the signed Interest using the publicKey. |
| 85 | * |
| 86 | * (Note the signature covers the first n-2 name components). |
| 87 | */ |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 88 | static bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 89 | verifySignature(const Interest& interest, const PublicKey& publicKey); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 90 | |
| 91 | /// @brief Verify the blob using the publicKey against the signature. |
| 92 | static bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 93 | verifySignature(const Buffer& blob, const Signature& sig, const PublicKey& publicKey); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 94 | |
| 95 | /// @brief Verify the data using the publicKey against the SHA256-RSA signature. |
| 96 | static bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 97 | verifySignature(const Data& data, |
| 98 | const SignatureSha256WithRsa& sig, |
| 99 | const PublicKey& publicKey) |
| 100 | { |
| 101 | return verifySignature(data.wireEncode().value(), |
| 102 | data.wireEncode().value_size() - data.getSignature().getValue().size(), |
| 103 | sig, publicKey); |
| 104 | } |
| 105 | |
| 106 | /** @brief Verify the interest using the publicKey against the SHA256-RSA signature. |
| 107 | * |
| 108 | * (Note the signature covers the first n-2 name components). |
| 109 | */ |
| 110 | static bool |
| 111 | verifySignature(const Interest& interest, |
| 112 | const SignatureSha256WithRsa& sig, |
| 113 | const PublicKey& publicKey) |
| 114 | { |
| 115 | if (interest.getName().size() < 2) |
| 116 | return false; |
| 117 | |
Yingdi Yu | 3cca4ab | 2014-04-11 12:46:53 -0700 | [diff] [blame] | 118 | const Name& name = interest.getName(); |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 119 | |
Yingdi Yu | 3cca4ab | 2014-04-11 12:46:53 -0700 | [diff] [blame] | 120 | return verifySignature(name.wireEncode().value(), |
| 121 | name.wireEncode().value_size() - name[-1].size(), |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 122 | sig, publicKey); |
| 123 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 124 | |
| 125 | /// @brief Verify the blob using the publicKey against the SHA256-RSA signature. |
| 126 | static bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 127 | verifySignature(const Buffer& blob, |
| 128 | const SignatureSha256WithRsa& sig, |
| 129 | const PublicKey& publicKey) |
| 130 | { |
| 131 | return verifySignature(blob.buf(), blob.size(), sig, publicKey); |
| 132 | } |
| 133 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 134 | /// @brief Verify the blob using the publicKey against the SHA256-RSA signature. |
| 135 | static bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 136 | verifySignature(const uint8_t* buf, |
| 137 | const size_t size, |
| 138 | const SignatureSha256WithRsa& sig, |
| 139 | const PublicKey& publicKey); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 140 | |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 141 | |
| 142 | /// @brief Verify the data against the SHA256 signature. |
| 143 | static bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 144 | verifySignature(const Data& data, const SignatureSha256& sig) |
| 145 | { |
| 146 | return verifySignature(data.wireEncode().value(), |
| 147 | data.wireEncode().value_size() - |
| 148 | data.getSignature().getValue().size(), |
| 149 | sig); |
| 150 | } |
| 151 | |
| 152 | /** @brief Verify the interest against the SHA256 signature. |
| 153 | * |
| 154 | * (Note the signature covers the first n-2 name components). |
| 155 | */ |
| 156 | static bool |
| 157 | verifySignature(const Interest& interest, const SignatureSha256& sig) |
| 158 | { |
| 159 | if (interest.getName().size() < 2) |
| 160 | return false; |
| 161 | |
| 162 | Name signedName = interest.getName().getPrefix(-2); |
| 163 | |
| 164 | return verifySignature(signedName.wireEncode().value(), |
| 165 | signedName.wireEncode().value_size(), |
| 166 | sig); |
| 167 | } |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 168 | |
| 169 | /// @brief Verify the blob against the SHA256 signature. |
| 170 | static bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 171 | verifySignature(const Buffer& blob, const SignatureSha256& sig) |
| 172 | { |
| 173 | return verifySignature (blob.buf(), blob.size(), sig); |
| 174 | } |
| 175 | |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 176 | /// @brief Verify the blob against the SHA256 signature. |
| 177 | static bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 178 | verifySignature(const uint8_t* buf, const size_t size, const SignatureSha256& sig); |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 179 | |
| 180 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 181 | protected: |
| 182 | /** |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 183 | * @brief Check the Data against policy and return the next validation step if necessary. |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 184 | * |
| 185 | * If there is no next validation step, that validation MUST have been done. |
| 186 | * i.e., either onValidated or onValidationFailed callback is invoked. |
| 187 | * |
| 188 | * @param data The Data to check. |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 189 | * @param nSteps The number of validation steps that have been done. |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 190 | * @param onDataValidated If the Data is validated, this calls onValidated(data). |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 191 | * @param onDataValidationFailed If validation fails, this calls onValidationFailed(data). |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 192 | * @param nextSteps On return, contains the next validation step. |
| 193 | */ |
| 194 | virtual void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 195 | checkPolicy(const Data& data, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 196 | int nSteps, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 197 | const OnDataValidated& onValidated, |
| 198 | const OnDataValidationFailed& onValidationFailed, |
| 199 | std::vector<shared_ptr<ValidationRequest> >& nextSteps) = 0; |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 200 | |
| 201 | /** |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 202 | * @brief Check the Interest against validation policy and return the next validation step |
| 203 | * if necessary. |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 204 | * |
| 205 | * If there is no next validation step, that validation MUST have been done. |
| 206 | * i.e., either onValidated or onValidationFailed callback is invoked. |
| 207 | * |
| 208 | * @param data The Interest to check. |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 209 | * @param nSteps The number of validation steps that have been done. |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 210 | * @param OnInterestValidated If the Interest is validated, this calls onValidated(data). |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 211 | * @param OnInterestValidationFailed If validation fails, this calls onValidationFailed(data). |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 212 | * @return the indication of next validation step, null if there is no further step. |
| 213 | */ |
| 214 | virtual void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 215 | checkPolicy(const Interest& interest, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 216 | int nSteps, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 217 | const OnInterestValidated& onValidated, |
| 218 | const OnInterestValidationFailed& onValidationFailed, |
| 219 | std::vector<shared_ptr<ValidationRequest> >& nextSteps) = 0; |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 220 | |
| 221 | private: |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 222 | typedef function<void(const std::string&)> OnFailure; |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 223 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 224 | /// @brief Process the received certificate. |
| 225 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 226 | onData(const Interest& interest, |
| 227 | const Data& data, |
| 228 | const shared_ptr<ValidationRequest>& nextStep); |
| 229 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 230 | /// @brief Re-express the interest if it times out. |
| 231 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 232 | onTimeout(const Interest& interest, |
| 233 | int retry, |
| 234 | const OnFailure& onFailure, |
| 235 | const shared_ptr<ValidationRequest>& nextStep); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 236 | |
| 237 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 238 | validate(const Data& data, |
| 239 | const OnDataValidated& onValidated, |
| 240 | const OnDataValidationFailed& onValidationFailed, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 241 | int nSteps); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 242 | |
| 243 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame] | 244 | validate(const Interest& interest, |
| 245 | const OnInterestValidated& onValidated, |
| 246 | const OnInterestValidationFailed& onValidationFailed, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 247 | int nSteps); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 248 | |
| 249 | protected: |
Yingdi Yu | 96e6406 | 2014-04-15 19:57:33 -0700 | [diff] [blame] | 250 | bool m_hasFace; |
| 251 | Face& m_face; |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 252 | }; |
| 253 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 254 | } // namespace ndn |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 255 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 256 | #endif //NDN_SECURITY_VALIDATOR_HPP |