Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /** |
| 3 | * Copyright (C) 2013 Regents of the University of California. |
| 4 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
| 5 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
| 6 | * See COPYING for copyright and distribution information. |
| 7 | */ |
| 8 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 9 | #include "common.hpp" |
| 10 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 11 | #include "validator.hpp" |
| 12 | #include "../util/logging.hpp" |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 13 | #include "../util/crypto.hpp" |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 14 | |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 15 | #include "cryptopp.hpp" |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 16 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 17 | |
| 18 | using namespace std; |
| 19 | |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 20 | INIT_LOGGER("ndn.Validator"); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 21 | |
| 22 | namespace ndn { |
| 23 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 24 | const shared_ptr<Face> Validator::DEFAULT_FACE; |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 25 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 26 | Validator::Validator(shared_ptr<Face> face /* = DefaultFace */) |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 27 | : m_face(face) |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 28 | { |
| 29 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 30 | |
| 31 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 32 | Validator::validate(const Interest& interest, |
| 33 | const OnInterestValidated& onValidated, |
| 34 | const OnInterestValidationFailed& onValidationFailed, |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 35 | int stepCount) |
| 36 | { |
| 37 | vector<shared_ptr<ValidationRequest> > nextSteps; |
| 38 | checkPolicy(interest, stepCount, onValidated, onValidationFailed, nextSteps); |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 39 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 40 | if (!nextSteps.empty()) |
| 41 | { |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 42 | if (!static_cast<bool>(m_face)) |
| 43 | throw Error("Face should be set before calling validate method"); |
| 44 | |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 45 | vector<shared_ptr<ValidationRequest> >::const_iterator it = nextSteps.begin(); |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 46 | OnFailure onFailure = bind(onValidationFailed, interest.shared_from_this(), _1); |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 47 | for (; it != nextSteps.end(); it++) |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 48 | m_face->expressInterest((*it)->m_interest, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 49 | bind(&Validator::onData, this, _1, _2, *it), |
| 50 | bind(&Validator::onTimeout, |
| 51 | this, _1, (*it)->m_retry, |
| 52 | onFailure, |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 53 | *it)); |
| 54 | } |
| 55 | else |
| 56 | { |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 57 | // If there is no nextStep, |
| 58 | // that means InterestPolicy has already been able to verify the Interest. |
| 59 | // No more further processes. |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 60 | } |
| 61 | } |
| 62 | |
| 63 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 64 | Validator::validate(const Data& data, |
| 65 | const OnDataValidated& onValidated, |
| 66 | const OnDataValidationFailed& onValidationFailed, |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 67 | int stepCount) |
| 68 | { |
| 69 | vector<shared_ptr<ValidationRequest> > nextSteps; |
| 70 | checkPolicy(data, stepCount, onValidated, onValidationFailed, nextSteps); |
| 71 | |
| 72 | if (!nextSteps.empty()) |
| 73 | { |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 74 | if (!static_cast<bool>(m_face)) |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 75 | throw Error("Face should be set prior to verify method to call"); |
| 76 | |
| 77 | vector<shared_ptr<ValidationRequest> >::const_iterator it = nextSteps.begin(); |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 78 | OnFailure onFailure = bind(onValidationFailed, data.shared_from_this(), _1); |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 79 | for (; it != nextSteps.end(); it++) |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 80 | m_face->expressInterest((*it)->m_interest, |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 81 | bind(&Validator::onData, this, _1, _2, *it), |
| 82 | bind(&Validator::onTimeout, |
| 83 | this, _1, (*it)->m_retry, |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 84 | onFailure, |
| 85 | *it)); |
| 86 | } |
| 87 | else |
| 88 | { |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 89 | // If there is no nextStep, |
| 90 | // that means Data Policy has already been able to verify the Interest. |
| 91 | // No more further processes. |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 92 | } |
| 93 | } |
| 94 | |
| 95 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 96 | Validator::onData(const Interest& interest, |
| 97 | const Data& data, |
Alexander Afanasyev | 0222fba | 2014-02-09 23:16:02 -0800 | [diff] [blame] | 98 | const shared_ptr<ValidationRequest>& nextStep) |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 99 | { |
| 100 | validate(data, nextStep->m_onValidated, nextStep->m_onDataValidated, nextStep->m_stepCount); |
| 101 | } |
| 102 | |
| 103 | void |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 104 | Validator::onTimeout(const Interest& interest, |
| 105 | int retry, |
| 106 | const OnFailure& onFailure, |
Alexander Afanasyev | 0222fba | 2014-02-09 23:16:02 -0800 | [diff] [blame] | 107 | const shared_ptr<ValidationRequest>& nextStep) |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 108 | { |
| 109 | if (retry > 0) |
| 110 | // Issue the same expressInterest except decrement retry. |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 111 | m_face->expressInterest(interest, |
| 112 | bind(&Validator::onData, this, _1, _2, nextStep), |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 113 | bind(&Validator::onTimeout, this, _1, retry - 1, onFailure, nextStep)); |
| 114 | else |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 115 | onFailure("Cannot fetch cert: " + interest.getName().toUri()); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 116 | } |
| 117 | |
| 118 | bool |
| 119 | Validator::verifySignature(const Data& data, const PublicKey& key) |
| 120 | { |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 121 | try |
| 122 | { |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 123 | switch (data.getSignature().getType()) |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 124 | { |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 125 | case Signature::Sha256WithRsa: |
| 126 | { |
| 127 | SignatureSha256WithRsa sigSha256Rsa(data.getSignature()); |
| 128 | return verifySignature(data, sigSha256Rsa, key); |
| 129 | } |
| 130 | default: |
| 131 | { |
| 132 | _LOG_DEBUG("verifySignature: Unknown signature type: " << data.getSignature().getType()); |
| 133 | return false; |
| 134 | } |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 135 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 136 | } |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 137 | catch (const Signature::Error& e) |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 138 | { |
| 139 | _LOG_DEBUG("verifySignature: " << e.what()); |
| 140 | return false; |
| 141 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 142 | return false; |
| 143 | } |
| 144 | |
| 145 | bool |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 146 | Validator::verifySignature(const Interest& interest, const PublicKey& key) |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 147 | { |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 148 | const Name& interestName = interest.getName(); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 149 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 150 | if (interestName.size() < 2) |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 151 | return false; |
| 152 | |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 153 | try |
| 154 | { |
| 155 | const Block& nameBlock = interestName.wireEncode(); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 156 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 157 | Signature sig(interestName[-2].blockFromValue(), |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 158 | interestName[-1].blockFromValue()); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 159 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 160 | switch (sig.getType()) |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 161 | { |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 162 | case Signature::Sha256WithRsa: |
| 163 | { |
| 164 | SignatureSha256WithRsa sigSha256Rsa(sig); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 165 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 166 | return verifySignature(nameBlock.value(), |
| 167 | nameBlock.value_size() - interestName[-1].size(), |
| 168 | sigSha256Rsa, key); |
| 169 | } |
| 170 | default: |
| 171 | { |
| 172 | _LOG_DEBUG("verifySignature: Unknown signature type: " << sig.getType()); |
| 173 | return false; |
| 174 | } |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 175 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 176 | } |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 177 | catch (const Signature::Error& e) |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 178 | { |
| 179 | _LOG_DEBUG("verifySignature: " << e.what()); |
| 180 | return false; |
| 181 | } |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 182 | catch (const Block::Error& e) |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 183 | { |
| 184 | _LOG_DEBUG("verifySignature: " << e.what()); |
| 185 | return false; |
| 186 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 187 | return false; |
| 188 | } |
| 189 | |
| 190 | bool |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 191 | Validator::verifySignature(const Buffer& data, const Signature& sig, const PublicKey& key) |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 192 | { |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 193 | try |
| 194 | { |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 195 | switch (sig.getType()) |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 196 | { |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 197 | case Signature::Sha256WithRsa: |
| 198 | { |
| 199 | SignatureSha256WithRsa sigSha256Rsa(sig); |
| 200 | return verifySignature(data, sigSha256Rsa, key); |
| 201 | } |
| 202 | default: |
| 203 | { |
| 204 | _LOG_DEBUG("verifySignature: Unknown signature type: " << sig.getType()); |
| 205 | return false; |
| 206 | } |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 207 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 208 | } |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 209 | catch (const Signature::Error& e) |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 210 | { |
| 211 | _LOG_DEBUG("verifySignature: " << e.what()); |
| 212 | return false; |
| 213 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 214 | return false; |
| 215 | } |
| 216 | |
| 217 | bool |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 218 | Validator::verifySignature(const uint8_t* buf, |
| 219 | const size_t size, |
| 220 | const SignatureSha256WithRsa& sig, |
| 221 | const PublicKey& key) |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 222 | { |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 223 | try |
| 224 | { |
| 225 | using namespace CryptoPP; |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 226 | |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 227 | RSA::PublicKey publicKey; |
| 228 | ByteQueue queue; |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 229 | |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 230 | queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size()); |
| 231 | publicKey.Load(queue); |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 232 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 233 | RSASS<PKCS1v15, SHA256>::Verifier verifier(publicKey); |
| 234 | return verifier.VerifyMessage(buf, size, |
| 235 | sig.getValue().value(), |
| 236 | sig.getValue().value_size()); |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 237 | } |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 238 | catch (const CryptoPP::Exception& e) |
Yingdi Yu | 40587c0 | 2014-02-21 16:40:48 -0800 | [diff] [blame] | 239 | { |
| 240 | _LOG_DEBUG("verifySignature: " << e.what()); |
| 241 | return false; |
| 242 | } |
Yingdi Yu | 6ac9798 | 2014-01-30 14:49:21 -0800 | [diff] [blame] | 243 | } |
| 244 | |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 245 | bool |
| 246 | Validator::verifySignature(const uint8_t* buf, const size_t size, const SignatureSha256& sig) |
| 247 | { |
| 248 | try |
| 249 | { |
| 250 | ConstBufferPtr buffer = crypto::sha256(buf, size); |
| 251 | const Block& sigValue = sig.getValue(); |
| 252 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 253 | if (static_cast<bool>(buffer) && |
| 254 | buffer->size() == sigValue.value_size() && |
| 255 | buffer->size() == crypto::SHA256_DIGEST_SIZE) |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 256 | { |
| 257 | |
| 258 | const uint8_t* p1 = buffer->buf(); |
| 259 | const uint8_t* p2 = sigValue.value(); |
| 260 | |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 261 | return 0 == memcmp(p1, p2, crypto::SHA256_DIGEST_SIZE); |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 262 | } |
| 263 | else |
| 264 | return false; |
| 265 | } |
Yingdi Yu | 48e8c0c | 2014-03-19 12:01:55 -0700 | [diff] [blame^] | 266 | catch (const CryptoPP::Exception& e) |
Yingdi Yu | 2115716 | 2014-02-28 13:02:34 -0800 | [diff] [blame] | 267 | { |
| 268 | _LOG_DEBUG("verifySignature: " << e.what()); |
| 269 | return false; |
| 270 | } |
| 271 | } |
| 272 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 273 | } // namespace ndn |